CVE-2024-25042 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-25042 PUBLISHED CVSS 5.400000095367432 MEDIUM

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.

EPSS 0.08% · 22.9th percentile

Risk Scores

CVSS v3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.08%

22.9th percentile

Affected Products

Vendor	Product	Versions
ibm	cognos_analytics	11.2.0, 12.0.0
IBM	Cognos Analytics	11.2.0, 12.0.0

Timeline

Oct 25, 2024 CVE Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 19, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 10, 2025 CVE Updated
Jan 20, 2025 EPSS Score
Jan 21, 2025 Coalition ESS Score
Feb 5, 2025 EPSS Score
Feb 21, 2025 EPSS Score
Mar 8, 2025 EPSS Score
Mar 24, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7173631 advisory
https://www.ibm.com/support/pages/node/7174016 advisory
https://www.ibm.com/support/pages/node/7174015 advisory
https://www.ibm.com/support/pages/node/7173632 advisory
https://www.ibm.com/support/pages/node/7172691 advisory
https://www.ibm.com/support/pages/node/7172692 advisory
https://www.ibm.com/support/pages/node/7173592 advisory
https://www.ibm.com/support/pages/node/7173866 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-25042 advisory

Open in Interactive Console →