CVE-2024-45082

Опубликовано: 18 дек. 2024

Источник: nvd

CVSS3: 6.8

CVSS3: 5.2

EPSS Низкий

Описание

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3

could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.

Ссылки

https://www.ibm.com/support/pages/node/7177223
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*

Версия от 11.2.0 (включая) до 11.2.4 (включая)

cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.0.3 (включая)

EPSS

Процентиль: 11%

0.00038

Низкий

6.8 Medium

CVSS3

5.2 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-gr94-xfwg-97fp

CVSS3: 6.8

github

около 1 года назад

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.

EPSS

Процентиль: 11%

0.00038

Низкий

6.8 Medium

CVSS3

5.2 Medium

CVSS3

Дефекты

CWE-601