CVE-2024-25047

Опубликовано: 02 мая 2024

Источник: nvd

CVSS3: 8.6

EPSS Низкий

Описание

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
VDB Entry
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/
Third Party Advisory
https://www.ibm.com/support/pages/node/7149874
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
VDB Entry
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/
Third Party Advisory
https://www.ibm.com/support/pages/node/7149874
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*

Версия от 11.2.0 (включая) до 11.2.4 (исключая)

cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.0.3 (исключая)

cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

8.6 High

CVSS3

Дефекты

CWE-117

Связанные уязвимости

GHSA-6r52-jcm4-48gv