HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-25047

CVSS 8.6v3.1pub. 2024-05-02upd. 2025-07-02

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
  • IBM Cognos Analytics

    APP
    Ibm
    11.2.411.2.0 – 11.2.4 (bez)12.0.0 – 12.0.3 (bez)
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2024-51466CRITICAL9.0PL ✓ten sam produkt

IBM Cognos Analytics — podatność Expression Language Injection (EL Injection)

CVE-2023-38545CRITICAL9.8ten sam produkt

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...