CNVD-2024-12708 — Vulnetix

CNVD-2024-12708 PUBLISHED CVSS 5.300000190734863 MEDIUM

IBM Cognos Analytics是美国国际商业机器（IBM）公司的一套商业智能软件。 IBM Cognos Analytics存在访问控制错误漏洞，远程攻击者可以利用该漏洞提交特殊的请求，可获取敏感信息。

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
ibm	cognos_analytics	11.1.7, 12.0.0, 11.2.4
IBM	Cognos Analytics	11.1.7, 11.2.4, 12.0.0

Exploit Intelligence

CIRCL seen: CVE-2023-30996 (circl-sighting)
https://www.ibm.com/support/pages/node/7123154 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/254290 (circl)
https://security.netapp.com/advisory/ntap-20240405-0004/ (circl)
https://security.netapp.com/advisory/ntap-20240621-0006/ (circl)

Timeline

Feb 24, 2024 CVE Published
Mar 4, 2024 CVE ID Reserved
Mar 14, 2024 PoC Published

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›