GCVE-VVD-NCSC-2024-497

Advisory PublishedCVSS 9.8/10

Vulnetix · Advisory published December 23, 2024

IBM heeft kwetsbaarheden verholpen in IBM Cognos Analytics

Weaknesses (CWE)

CWE-434Unrestricted Upload of File with Dangerous TypeCWE-917Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Risk Scores

CVSS 3.1

9.8/10

Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions	Platforms
ibm	cognos_analytics	—	—
ibm	planning_analytics	—	—

Aliases

CVE-2024-51466 CVE-2023-42017

Transitive aliases

GHSA-hfqv-qm4h-qgqv VVD-CISA-2024-51466 BDU:2024-11551 GHSA-43rj-vhj3-86r7 CNVD-2024-01168 EUVD-2024-45781 NCSC-2024-0497 GSD-2023-42017 EUVD-2023-46476

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON