VDB
CVE-2024-49352
CVE-2024-49352
PUBLISHED
CVSS 7.099999904632568 HIGH
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
EPSS 0.20% · 41.4th percentile
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
EPSS Score
0.20%
41.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | cognos_analytics | 11.2.0, 12.0.0, 11.2.4 |
| IBM | Cognos Analytics | 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4 |
Exploit Intelligence
- CIRCL seen: CVE-2024-49352 (circl-sighting)
- CIRCL seen: CVE-2024-49352 (circl-sighting)
- CIRCL seen: CVE-2024-49352 (circl-sighting)
- CIRCL seen: CVE-2024-49352 (circl-sighting)
- CIRCL seen: CVE-2024-49352 (circl-sighting)
- https://www.ibm.com/support/pages/node/7181480 (circl)
Timeline
- Feb 5, 2025 CVE Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 6, 2025 EPSS Score
- Feb 6, 2025 PoC Published
- Feb 19, 2025 Coalition ESS Score
- Feb 21, 2025 EPSS Score
- Feb 22, 2025 CVE Updated
- Feb 22, 2025 PoC Published
- Mar 8, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
References
- https://www.ibm.com/support/pages/node/7182424 advisory
- https://www.ibm.com/support/pages/node/7182335 advisory
- https://www.ibm.com/support/pages/node/7181898 advisory
- https://www.ibm.com/support/pages/node/7181480 advisory
- https://www.ibm.com/support/pages/node/7182696 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-49352 advisory