VDB

CVE-2024-25042

CVE-2024-25042 PUBLISHED CVSS 5.400000095367432 MEDIUM

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.

EPSS 0.10% · 28.1th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.10%
28.1th percentile

Affected Products

VendorProductVersions
ibmcognos_analytics11.2.0, 12.0.0
IBMCognos Analytics11.2.0, 12.0.0

Timeline

  • Oct 25, 2024 CVE Published
  • Dec 18, 2024 PoC Published
  • Dec 18, 2024 PoC Published
  • Dec 19, 2024 EPSS Score
  • Jan 4, 2025 EPSS Score
  • Jan 10, 2025 CVE Updated
  • Jan 21, 2025 EPSS Score
  • Jan 21, 2025 Coalition ESS Score
  • Feb 6, 2025 EPSS Score
  • Feb 23, 2025 EPSS Score
  • Mar 11, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›