CVE-2024-25042
PUBLISHED
CVSS 5.4 MEDIUM
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
EPSS 0.10% · 28.1th percentile
Risk Scores
CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.10%
28.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | cognos_analytics | 11.2.0, 12.0.0 |
| IBM | Cognos Analytics | 11.2.0, 12.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-25042 (circl-sighting)
- https://www.ibm.com/support/pages/node/7173592 (circl)
Timeline
- Oct 25, 2024 CVE Published
- Dec 18, 2024 PoC Published
- Dec 19, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 10, 2025 CVE Updated
- Jan 21, 2025 EPSS Score
- Jan 21, 2025 Coalition ESS Score
- Feb 6, 2025 EPSS Score
- Feb 23, 2025 EPSS Score
- Mar 11, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
References
- https://www.ibm.com/support/pages/node/7173631 advisory
- https://www.ibm.com/support/pages/node/7174016 advisory
- https://www.ibm.com/support/pages/node/7174015 advisory
- https://www.ibm.com/support/pages/node/7173632 advisory
- https://www.ibm.com/support/pages/node/7172691 advisory
- https://www.ibm.com/support/pages/node/7172692 advisory
- https://www.ibm.com/support/pages/node/7173592 advisory
- https://www.ibm.com/support/pages/node/7173866 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-25042 advisory