    222 vulnerabilities found for Cognos Analytics by IBM

    CERTFR-2026-AVI-0667

    Vulnerability from certfr_avis - Published: 2026-05-29 - Updated: 2026-05-29

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Cognos Analytics | Cognos Analytics Mobile versions earlier than 1.1.26
    IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.0 without fix iFix09
    IBM | Tivoli Monitoring | Tivoli Monitoring without the latest security fix
    IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 earlier than 7.5.0 UP15 IF03
    IBM | Sterling Control Center | Sterling Control Center versions 6.4.2.0 without fix iFix04
    IBM | QRadar Suite Software | QRadar Suite Software versions earlier than 1.11.11.0
    IBM | N/A | Analyst Workflow versions earlier than 3.1.0
    IBM | Cloud Pak | Cloud Pak for Security versions earlier than 1.11.11.0
    IBM | Sterling Control Center | Sterling Control Center versions 6.4.1.0 without fix iFix03
    References
    IBM security bulletin 7274185 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7274154 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7274180 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7274183 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7273957 | 2026-05-25 | vendor-advisory
    IBM security bulletin 7274184 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7274314 | 2026-05-28 | vendor-advisory
    IBM security bulletin 7274182 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7274181 | 2026-05-27 | vendor-advisory
    IBM security bulletin 7273803 | 2026-05-22 | vendor-advisory
    IBM security bulletin 7272901 | 2026-05-22 | vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cognos Analytics Mobile versions ant\u00e9rieures \u00e0 1.1.26",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Control Center versions 6.3.1.0 sans le correctif iFix09",
          "product": {
            "name": "Sterling Control Center",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Tivoli Monitoring sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Tivoli Monitoring",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP15 IF03",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Control Center versions 6.4.2.0 sans le correctif iFix04",
          "product": {
            "name": "Sterling Control Center",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.11.0",
          "product": {
            "name": "QRadar Suite Software",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Analyst Workflow versions ant\u00e9rieures \u00e0 3.1.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.11.0",
          "product": {
            "name": "Cloud Pak",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Control Center versions 6.4.1.0 sans le correctif iFix03",
          "product": {
            "name": "Sterling Control Center",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-27980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
        },
        {
          "name": "CVE-2026-35388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35388"
        },
        {
          "name": "CVE-2006-10003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
        },
        {
          "name": "CVE-2026-27135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
        },
        {
          "name": "CVE-2026-41324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
        },
        {
          "name": "CVE-2026-40466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40466"
        },
        {
          "name": "CVE-2026-2229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
        },
        {
          "name": "CVE-2026-35386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35386"
        },
        {
          "name": "CVE-2026-32597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
        },
        {
          "name": "CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "name": "CVE-2026-22036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
        },
        {
          "name": "CVE-2026-31402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
        },
        {
          "name": "CVE-2025-53643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
        },
        {
          "name": "CVE-2025-68741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68741"
        },
        {
          "name": "CVE-2026-33349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33349"
        },
        {
          "name": "CVE-2026-34982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
        },
        {
          "name": "CVE-2026-33940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33940"
        },
        {
          "name": "CVE-2024-12797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
        },
        {
          "name": "CVE-2026-40974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40974"
        },
        {
          "name": "CVE-2026-1527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
        },
        {
          "name": "CVE-2026-32875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
        },
        {
          "name": "CVE-2026-31988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31988"
        },
        {
          "name": "CVE-2024-28102",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
        },
        {
          "name": "CVE-2026-40977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-28421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
        },
        {
          "name": "CVE-2026-1525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2026-31431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
        },
        {
          "name": "CVE-2025-6176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
        },
        {
          "name": "CVE-2025-11953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11953"
        },
        {
          "name": "CVE-2026-23745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
        },
        {
          "name": "CVE-2025-59471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59471"
        },
        {
          "name": "CVE-2026-33941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33941"
        },
        {
          "name": "CVE-2026-0848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0848"
        },
        {
          "name": "CVE-2025-41248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
        },
        {
          "name": "CVE-2026-33412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
        },
        {
          "name": "CVE-2026-5121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-34282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
        },
        {
          "name": "CVE-2025-59472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59472"
        },
        {
          "name": "CVE-2026-2581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
        },
        {
          "name": "CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "name": "CVE-2025-64718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
        },
        {
          "name": "CVE-2026-23401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
        },
        {
          "name": "CVE-2025-40252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
        },
        {
          "name": "CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-21860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
        },
        {
          "name": "CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "name": "CVE-2026-0847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0847"
        },
        {
          "name": "CVE-2026-4424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
        },
        {
          "name": "CVE-2025-6545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
        },
        {
          "name": "CVE-2026-23865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "name": "CVE-2026-28417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
        },
        {
          "name": "CVE-2023-5764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5764"
        },
        {
          "name": "CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "name": "CVE-2026-30922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
        },
        {
          "name": "CVE-2026-23191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
        },
        {
          "name": "CVE-2026-2359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
        },
        {
          "name": "CVE-2026-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
        },
        {
          "name": "CVE-2026-35535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35535"
        },
        {
          "name": "CVE-2025-68724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
        },
        {
          "name": "CVE-2026-33939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33939"
        },
        {
          "name": "CVE-2026-27699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
        },
        {
          "name": "CVE-2025-65945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
        },
        {
          "name": "CVE-2026-33228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
        },
        {
          "name": "CVE-2025-12758",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-41044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41044"
        },
        {
          "name": "CVE-2006-10002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
        },
        {
          "name": "CVE-2026-5795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
        },
        {
          "name": "CVE-2026-40975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
        },
        {
          "name": "CVE-2026-27942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
        },
        {
          "name": "CVE-2024-41073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
        },
        {
          "name": "CVE-2026-26960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
        },
        {
          "name": "CVE-2025-5187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
        },
        {
          "name": "CVE-2026-4923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
        },
        {
          "name": "CVE-2026-4867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4867"
        },
        {
          "name": "CVE-2024-9902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
        },
        {
          "name": "CVE-2024-8775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
        },
        {
          "name": "CVE-2026-27199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2025-66471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
        },
        {
          "name": "CVE-2026-21441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
        },
        {
          "name": "CVE-2025-66030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
        },
        {
          "name": "CVE-2024-11079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
        },
        {
          "name": "CVE-2026-23897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23897"
        },
        {
          "name": "CVE-2026-35385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35385"
        },
        {
          "name": "CVE-2026-34601",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34601"
        },
        {
          "name": "CVE-2026-29057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29057"
        },
        {
          "name": "CVE-2026-32874",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
        },
        {
          "name": "CVE-2026-4519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
        },
        {
          "name": "CVE-2026-34197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"
        },
        {
          "name": "CVE-2026-25128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25128"
        },
        {
          "name": "CVE-2025-13333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13333"
        },
        {
          "name": "CVE-2025-12635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
        },
        {
          "name": "CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "name": "CVE-2025-66221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
        },
        {
          "name": "CVE-2026-23950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
        },
        {
          "name": "CVE-2026-33036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33036"
        },
        {
          "name": "CVE-2026-35414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35414"
        },
        {
          "name": "CVE-2026-2950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
        },
        {
          "name": "CVE-2026-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
        },
        {
          "name": "CVE-2026-33916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33916"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-6100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2026-29786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2026-1519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
        },
        {
          "name": "CVE-2026-1528",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
        },
        {
          "name": "CVE-2023-26132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26132"
        },
        {
          "name": "CVE-2026-1526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
        },
        {
          "name": "CVE-2026-33937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33937"
        },
        {
          "name": "CVE-2026-31808",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31808"
        },
        {
          "name": "CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-40973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
        },
        {
          "name": "CVE-2026-39373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39373"
        },
        {
          "name": "CVE-2026-27448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
        },
        {
          "name": "CVE-2026-8620",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8620"
        },
        {
          "name": "CVE-2025-69277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
        },
        {
          "name": "CVE-2026-8633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8633"
        },
        {
          "name": "CVE-2026-26278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
        },
        {
          "name": "CVE-2025-22870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
        },
        {
          "name": "CVE-2026-23490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
        },
        {
          "name": "CVE-2025-14009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
        },
        {
          "name": "CVE-2025-7339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
        },
        {
          "name": "CVE-2025-41249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
        },
        {
          "name": "CVE-2026-25896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
        },
        {
          "name": "CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "name": "CVE-2026-4786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
        },
        {
          "name": "CVE-2026-33938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33938"
        },
        {
          "name": "CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "name": "CVE-2026-32141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
        },
        {
          "name": "CVE-2026-30951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30951"
        },
        {
          "name": "CVE-2026-35387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35387"
        },
        {
          "name": "CVE-2026-24001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
        },
        {
          "name": "CVE-2025-58754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
        },
        {
          "name": "CVE-2026-27837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27837"
        },
        {
          "name": "CVE-2025-6547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2026-39983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39983"
        },
        {
          "name": "CVE-2026-22008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
        },
        {
          "name": "CVE-2025-14813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
        },
        {
          "name": "CVE-2026-31802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
        },
        {
          "name": "CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "name": "CVE-2025-67221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
        },
        {
          "name": "CVE-2026-4926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
        },
        {
          "name": "CVE-2026-25547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        },
        {
          "name": "CVE-2026-2739",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2739"
        },
        {
          "name": "CVE-2024-56462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56462"
        },
        {
          "name": "CVE-2026-35213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35213"
        },
        {
          "name": "CVE-2025-66418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
        },
        {
          "name": "CVE-2026-0846",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
        }
      ],
      "initial_release_date": "2026-05-29T00:00:00",
      "last_revision_date": "2026-05-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0667",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274185",
          "url": "https://www.ibm.com/support/pages/node/7274185"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274154",
          "url": "https://www.ibm.com/support/pages/node/7274154"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274180",
          "url": "https://www.ibm.com/support/pages/node/7274180"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274183",
          "url": "https://www.ibm.com/support/pages/node/7274183"
        },
        {
          "published_at": "2026-05-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273957",
          "url": "https://www.ibm.com/support/pages/node/7273957"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274184",
          "url": "https://www.ibm.com/support/pages/node/7274184"
        },
        {
          "published_at": "2026-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274314",
          "url": "https://www.ibm.com/support/pages/node/7274314"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274182",
          "url": "https://www.ibm.com/support/pages/node/7274182"
        },
        {
          "published_at": "2026-05-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7274181",
          "url": "https://www.ibm.com/support/pages/node/7274181"
        },
        {
          "published_at": "2026-05-22",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273803",
          "url": "https://www.ibm.com/support/pages/node/7273803"
        },
        {
          "published_at": "2026-05-22",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272901",
          "url": "https://www.ibm.com/support/pages/node/7272901"
        }
      ]
    }

    CERTFR-2026-AVI-0606

    Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Cognos Analytics | Cognos Analytics versions 11.2.x without security fix Fix Pack 7
    IBM | N/A | Robotic Process Automation for Cloud Pak versions 30.0.x earlier than 30.0.2
    IBM | Cognos Analytics | Cognos Analytics versions 12.1.x earlier than 12.1.2
    IBM | N/A | Robotic Process Automation for Cloud Pak versions 23.0.x earlier than 23.0.20.6
    IBM | AIX | Open SDK for Rust on AIX versions 1.90.0.0 and 1.92.0.0 without security fix Fix Pack 1
    IBM | Cognos Analytics | Cognos Analytics versions 12.0.x without security fix Fix Pack 2
    References
    IBM security bulletin 7272628 | 2026-05-12 | vendor-advisory
    IBM security bulletin 7272965 | 2026-05-14 | vendor-advisory
    IBM security bulletin 7272446 | 2026-05-08 | vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cognos Analytics versions 11.2.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 7",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Robotic Process Automation for Cloud Pak versions 30.0.x ant\u00e9rieures \u00e0 30.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Robotic Process Automation for Cloud Pak versions 23.0.x  ant\u00e9rieures \u00e0 23.0.20.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de s\u00e9curit\u00e9 Fix Pack 1",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x  sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
        },
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2025-30167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30167"
        },
        {
          "name": "CVE-2025-56200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
        },
        {
          "name": "CVE-2025-7207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7207"
        },
        {
          "name": "CVE-2024-6866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-54798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
        },
        {
          "name": "CVE-2024-12798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2025-50182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2025-3633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3633"
        },
        {
          "name": "CVE-2025-6020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
        },
        {
          "name": "CVE-2024-5535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
        },
        {
          "name": "CVE-2025-12875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12875"
        },
        {
          "name": "CVE-2024-6844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
        },
        {
          "name": "CVE-2024-12801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2025-48976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2025-68146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
        },
        {
          "name": "CVE-2024-35195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
        },
        {
          "name": "CVE-2025-12635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
        },
        {
          "name": "CVE-2025-50059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2024-56339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
        },
        {
          "name": "CVE-2025-5889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2025-14914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
        },
        {
          "name": "CVE-2025-2900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
        },
        {
          "name": "CVE-2024-6839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-36126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36126"
        }
      ],
      "initial_release_date": "2026-05-15T00:00:00",
      "last_revision_date": "2026-05-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0606",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272628",
          "url": "https://www.ibm.com/support/pages/node/7272628"
        },
        {
          "published_at": "2026-05-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272965",
          "url": "https://www.ibm.com/support/pages/node/7272965"
        },
        {
          "published_at": "2026-05-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272446",
          "url": "https://www.ibm.com/support/pages/node/7272446"
        }
      ]
    }

    CERTFR-2026-AVI-0131

    Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Cloud Pak System Cloud Pak System versions 2.3.4.x and later, prior to 2.3.6.1
    IBM Cognos Analytics Cognos Command Center versions 10.2.4.x and 10.2.5.x prior to 10.2.5 FP1 IF2
    IBM Db2 DB2 without security fix 11.5.9 Special Build 62071
    IBM Db2 DB2 Data Management Console prior to 3.1.13.1
    IBM Db2 DB2 Data Management Console on CPD versions prior to 4.8
    IBM Db2 DB2 Recovery Expert for LUW version 5.5 IF2 without security fix v5.5.0.1 Interim Fix 8
    References
    IBM security bulletin 7259447 2026-02-02 vendor-advisory
    IBM security bulletin 7253572 2026-01-30 vendor-advisory
    IBM security bulletin 7257780 2026-02-04 vendor-advisory
    IBM security bulletin 7259901 2026-02-05 vendor-advisory
    IBM security bulletin 7259526 2026-02-03 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-20919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
        },
        {
          "name": "CVE-2023-21938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
        },
        {
          "name": "CVE-2023-21843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
        },
        {
          "name": "CVE-2024-21235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
        },
        {
          "name": "CVE-2022-21426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
        },
        {
          "name": "CVE-2023-38264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
        },
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2024-21144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
        },
        {
          "name": "CVE-2024-51473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
        },
        {
          "name": "CVE-2023-21954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
        },
        {
          "name": "CVE-2023-21939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
        },
        {
          "name": "CVE-2024-20926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
        },
        {
          "name": "CVE-2023-21830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
        },
        {
          "name": "CVE-2022-41725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
        },
        {
          "name": "CVE-2024-3933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2025-33092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
        },
        {
          "name": "CVE-2024-20921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2022-21624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
        },
        {
          "name": "CVE-2023-22081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
        },
        {
          "name": "CVE-2025-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2022-21626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
        },
        {
          "name": "CVE-2025-33143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2024-10917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
        },
        {
          "name": "CVE-2023-22067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
        },
        {
          "name": "CVE-2022-40609",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
        },
        {
          "name": "CVE-2022-21628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
        },
        {
          "name": "CVE-2024-21011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2023-25173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2024-21147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
        },
        {
          "name": "CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "name": "CVE-2024-21140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
        },
        {
          "name": "CVE-2024-21094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
        },
        {
          "name": "CVE-2023-21937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
        },
        {
          "name": "CVE-2025-1948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2023-25153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
        },
        {
          "name": "CVE-2023-33850",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
        },
        {
          "name": "CVE-2023-24532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
        },
        {
          "name": "CVE-2023-2597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2023-22045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
        },
        {
          "name": "CVE-2024-21138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
        },
        {
          "name": "CVE-2023-22049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
        },
        {
          "name": "CVE-2022-41724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
        },
        {
          "name": "CVE-2024-49828",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
        },
        {
          "name": "CVE-2015-3627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
        },
        {
          "name": "CVE-2025-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
        },
        {
          "name": "CVE-2025-27533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
        },
        {
          "name": "CVE-2023-5676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
        },
        {
          "name": "CVE-2024-21145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
        },
        {
          "name": "CVE-2023-21968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
        },
        {
          "name": "CVE-2025-36071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2023-21930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
        },
        {
          "name": "CVE-2024-20918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
        },
        {
          "name": "CVE-2025-27900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
        },
        {
          "name": "CVE-2022-23471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
        },
        {
          "name": "CVE-2025-27899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
        },
        {
          "name": "CVE-2022-41723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
        },
        {
          "name": "CVE-2025-27901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
        },
        {
          "name": "CVE-2024-52894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
        },
        {
          "name": "CVE-2024-21085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
        },
        {
          "name": "CVE-2024-20945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
        },
        {
          "name": "CVE-2024-21131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
        },
        {
          "name": "CVE-2024-21210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
        },
        {
          "name": "CVE-2025-27898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2023-21967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
        },
        {
          "name": "CVE-2022-21619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2024-21217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
        },
        {
          "name": "CVE-2024-27267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
        },
        {
          "name": "CVE-2024-20952",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
        },
        {
          "name": "CVE-2024-21208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
        }
      ],
      "initial_release_date": "2026-02-06T00:00:00",
      "last_revision_date": "2026-02-06T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0131",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-06T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-02-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
          "url": "https://www.ibm.com/support/pages/node/7259447"
        },
        {
          "published_at": "2026-01-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
          "url": "https://www.ibm.com/support/pages/node/7253572"
        },
        {
          "published_at": "2026-02-04",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
          "url": "https://www.ibm.com/support/pages/node/7257780"
        },
        {
          "published_at": "2026-02-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
          "url": "https://www.ibm.com/support/pages/node/7259901"
        },
        {
          "published_at": "2026-02-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
          "url": "https://www.ibm.com/support/pages/node/7259526"
        }
      ]
    }

    CERTFR-2025-AVI-1013

    Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM AIX AIX versions 7.2.5 without security fix IJ55968 SP11
    IBM Sterling Sterling Transformation Extender versions 11.0.2.0 without security fix PH68819
    IBM QRadar QRadar Network Packet Capture versions 7.5.x prior to QRadar Network Packet Capture 7.5.0 Update Package 14
    IBM AIX AIX versions 7.3.2 without security fix IJ56113
    IBM Sterling Sterling Transformation Extender versions 11.0.1.1 without security fix PH68819
    IBM Sterling Sterling Transformation Extender versions 11.0.0.0 without security fix PH68266
    IBM WebSphere WebSphere Application Server versions 9.0.x without security fix 9.0.5.27
    IBM Sterling Sterling Transformation Extender versions 10.1.1.1 without security fix PH68266
    IBM Db2 Db2 versions 11.5.x without the latest security fix
    IBM Tivoli Tivoli Application Dependency Discovery Manager versions 7.3.x to 7.3.0.12 without security fix efix_CVE-2025-48976_FP12250331.zip
    IBM N/A QRadar DNS Analyzer App versions prior to 2.0.4
    IBM Db2 Db2 versions 12.1.x prior to 12.1.3 without the latest security fix
    IBM WebSphere WebSphere Application Server Liberty versions 17.0.0.3 to 25.0.0.11 without security fix 25.0.0.12
    IBM WebSphere WebSphere Application Server versions 8.5.x without security fix 8.5.5.29
    IBM AIX AIX versions 7.3.1 without security fix IJ56230
    IBM Cognos Analytics Cognos Analytics Certified Containers versions 1.2.1.x prior to 12.1.1
    IBM Sterling Sterling Transformation Extender versions 10.1.2.1 without security fix PH68266
    IBM Db2 Db2 versions 11.1.x without the latest security fix
    IBM Sterling Sterling Transformation Extender versions 10.1.0.2 without security fix PH68266
    IBM AIX AIX versions 7.3.3 without security fix IJ55897 SP2
    IBM Storage Protect Storage Protect Operations Center versions 8.1.x prior to 8.1.27.100
    IBM QRadar SIEM QRadar SIEM versions 7.5 to 7.5.0 IP14 without security fixes QRadar 7.5.0 UP14 IF01 and 7.5.0 QRadar Protocol MicrosoftAzureEventHubs
    References
    IBM security bulletin 7250959 2025-11-12 vendor-advisory
    IBM security bulletin 7249983 2025-11-12 vendor-advisory
    IBM security bulletin 7250785 2025-11-11 vendor-advisory
    IBM security bulletin 7249992 2025-11-12 vendor-advisory
    IBM security bulletin 7249994 2025-11-12 vendor-advisory
    IBM security bulletin 7250921 2025-11-12 vendor-advisory
    IBM security bulletin 7250486 2025-11-07 vendor-advisory
    IBM security bulletin 7250907 2025-11-12 vendor-advisory
    IBM security bulletin 7250395 2025-11-07 vendor-advisory
    IBM security bulletin 7250956 2025-11-12 vendor-advisory
    IBM security bulletin 7250763 2025-11-10 vendor-advisory
    IBM security bulletin 7250474 2025-11-26 vendor-advisory
    IBM security bulletin 7250971 2025-11-12 vendor-advisory
    IBM security bulletin 7250926 2025-11-12 vendor-advisory
    IBM security bulletin 7251173 2025-11-13 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ55968 SP11",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH68819",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 QRadar Network Packet Capture 7.5.0 Update Package 14",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ56113",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 PH68819",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9  9.0.5.27",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Tivoli Application Dependency Discovery Manager versions 7.3.x \u00e0 7.3.0.12 sans le correctif de s\u00e9curit\u00e9 efix_CVE-2025-48976_FP12250331.zip",
          "product": {
            "name": "Tivoli",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.3 sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.11 sans le correctif de s\u00e9curit\u00e9 25.0.0.12",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 8.5.x sans le correctif de s\u00e9curit\u00e9  8.5.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.1 sans le correctif de s\u00e9curit\u00e9 IJ56230",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics Certified Containers versions 1.2.1.x ant\u00e9rieures \u00e0 12.1.1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ55897 SP2",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Storage Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.27.100",
          "product": {
            "name": "Storage Protect",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5 \u00e0 7.5.0 IP14 sans les correctif de s\u00e9curit\u00e9 QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs ",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-6395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
        },
        {
          "name": "CVE-2025-22026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
        },
        {
          "name": "CVE-2024-1597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
        },
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2025-36236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36236"
        },
        {
          "name": "CVE-2025-49812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
        },
        {
          "name": "CVE-2025-39757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
        },
        {
          "name": "CVE-2023-46308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
        },
        {
          "name": "CVE-2024-49350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
        },
        {
          "name": "CVE-2025-36251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36251"
        },
        {
          "name": "CVE-2025-49146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
        },
        {
          "name": "CVE-2025-55752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
        },
        {
          "name": "CVE-2025-38461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-36250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"
        },
        {
          "name": "CVE-2024-35255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2025-38527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
        },
        {
          "name": "CVE-2025-38449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
        },
        {
          "name": "CVE-2022-41946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
        },
        {
          "name": "CVE-2025-39730",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
        },
        {
          "name": "CVE-2025-1992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2025-36097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
        },
        {
          "name": "CVE-2020-16971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
        },
        {
          "name": "CVE-2022-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
        },
        {
          "name": "CVE-2022-3509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
        },
        {
          "name": "CVE-2025-4565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
        },
        {
          "name": "CVE-2025-5318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
        },
        {
          "name": "CVE-2025-36186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
        },
        {
          "name": "CVE-2024-56347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
        },
        {
          "name": "CVE-2025-37797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
        },
        {
          "name": "CVE-2025-61795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2024-52533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
        },
        {
          "name": "CVE-2023-53125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
        },
        {
          "name": "CVE-2025-32990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
        },
        {
          "name": "CVE-2025-2518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
        },
        {
          "name": "CVE-2025-41244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
        },
        {
          "name": "CVE-2022-49985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
        },
        {
          "name": "CVE-2025-50059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
        },
        {
          "name": "CVE-2025-1493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
        },
        {
          "name": "CVE-2025-38556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
        },
        {
          "name": "CVE-2023-26133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
        },
        {
          "name": "CVE-2024-47252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2025-36096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36096"
        },
        {
          "name": "CVE-2025-3050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
        },
        {
          "name": "CVE-2025-38718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
        },
        {
          "name": "CVE-2025-38392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
        },
        {
          "name": "CVE-2023-53373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
        },
        {
          "name": "CVE-2025-32988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
        },
        {
          "name": "CVE-2025-0915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
        },
        {
          "name": "CVE-2024-52903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
        },
        {
          "name": "CVE-2025-38352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2023-45287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
        },
        {
          "name": "CVE-2024-56346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
        },
        {
          "name": "CVE-2025-38350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
        },
        {
          "name": "CVE-2025-1000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
        },
        {
          "name": "CVE-2022-31197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
        },
        {
          "name": "CVE-2025-40928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
        },
        {
          "name": "CVE-2022-50087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
        },
        {
          "name": "CVE-2025-38498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "name": "CVE-2025-49630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-33150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33150"
        },
        {
          "name": "CVE-2025-47273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
        },
        {
          "name": "CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "name": "CVE-2024-57699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
        },
        {
          "name": "CVE-2024-47619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
        }
      ],
      "initial_release_date": "2025-11-14T00:00:00",
      "last_revision_date": "2025-11-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1013",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250959",
          "url": "https://www.ibm.com/support/pages/node/7250959"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249983",
          "url": "https://www.ibm.com/support/pages/node/7249983"
        },
        {
          "published_at": "2025-11-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250785",
          "url": "https://www.ibm.com/support/pages/node/7250785"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249992",
          "url": "https://www.ibm.com/support/pages/node/7249992"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249994",
          "url": "https://www.ibm.com/support/pages/node/7249994"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250921",
          "url": "https://www.ibm.com/support/pages/node/7250921"
        },
        {
          "published_at": "2025-11-07",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250486",
          "url": "https://www.ibm.com/support/pages/node/7250486"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250907",
          "url": "https://www.ibm.com/support/pages/node/7250907"
        },
        {
          "published_at": "2025-11-07",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250395",
          "url": "https://www.ibm.com/support/pages/node/7250395"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250956",
          "url": "https://www.ibm.com/support/pages/node/7250956"
        },
        {
          "published_at": "2025-11-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250763",
          "url": "https://www.ibm.com/support/pages/node/7250763"
        },
        {
          "published_at": "2025-11-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
          "url": "https://www.ibm.com/support/pages/node/7250474"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250971",
          "url": "https://www.ibm.com/support/pages/node/7250971"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250926",
          "url": "https://www.ibm.com/support/pages/node/7250926"
        },
        {
          "published_at": "2025-11-13",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251173",
          "url": "https://www.ibm.com/support/pages/node/7251173"
        }
      ]
    }

    CERTFR-2025-AVI-0651

    Vulnerability from certfr_avis - Published: 2025-08-01 - Updated: 2025-08-01

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10.x without the latest security fix
    IBM | Db2 | Db2 versions 12.1.x prior to 12.1.2
    IBM | QRadar | QRadar Investigation Assistant versions 1.x prior to 1.1.0
    IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x without the latest security fix
    IBM | Cognos Analytics | Cognos Analytics 12.1.x prior to 12.1.0 IF2
    IBM | WebSphere | WebSphere Hybrid Edition version 5.1 without security fixes PH67120 and PH67183
    IBM | Db2 | Db2 versions 11.1.x prior to 11.1.4 FP7 without the latest interim security fix
    IBM | Tivoli | Tivoli System Automation Application Manager 4.1 without the security fix for WebSphere Application Server 9.0
    IBM | Cognos Analytics | Cognos Analytics 11.2.x prior to 11.2.4 FP6
    IBM | Db2 | Db2 versions 11.5.x prior to 11.5.9 without the latest interim security fix
    IBM | Cognos Analytics | Cognos Analytics 12.0.x prior to 12.0.4 FP1
    IBM | Db2 | Db2 versions 10.5.x prior to 10.5 FP11 without the latest interim security fix
    References
    IBM security bulletin 7240941 2025-07-29 vendor-advisory
    IBM security bulletin 7240649 2025-07-25 vendor-advisory
    IBM security bulletin 7240898 2025-07-28 vendor-advisory
    IBM security bulletin 7240775 2025-07-28 vendor-advisory
    IBM security bulletin 7240798 2025-07-28 vendor-advisory
    IBM security bulletin 7239462 2025-07-25 vendor-advisory
    IBM security bulletin 7240952 2025-07-29 vendor-advisory
    IBM security bulletin 7240940 2025-07-29 vendor-advisory
    IBM security bulletin 7240946 2025-07-29 vendor-advisory
    IBM security bulletin 7240777 2025-07-28 vendor-advisory
    IBM security bulletin 7240899 2025-07-28 vendor-advisory
    IBM security bulletin 7240977 2025-07-29 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Informix Dynamic Server versions 14.10.x sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Informix Dynamic Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Investigation Assistant versions 1.x ant\u00e9rieures \u00e0 1.1.0",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Informix Dynamic Server versions 12.10.x sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Informix Dynamic Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics\t12.1.x ant\u00e9rieures \u00e0 12.1.0 IF2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH67120 et PH67183",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Tivoli System Automation Application Manager 4.1 sans le correctif de s\u00e9curit\u00e9 pour WebSphere Application Server 9.0",
          "product": {
            "name": "Tivoli",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics\t11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics\t12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-0755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
        },
        {
          "name": "CVE-2024-21144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
        },
        {
          "name": "CVE-2024-49342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49342"
        },
        {
          "name": "CVE-2024-45492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
        },
        {
          "name": "CVE-2025-30472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2025-33092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
        },
        {
          "name": "CVE-2023-22081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
        },
        {
          "name": "CVE-2025-36097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
        },
        {
          "name": "CVE-2024-45490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
        },
        {
          "name": "CVE-2024-45491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
        },
        {
          "name": "CVE-2025-50182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2023-22067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
        },
        {
          "name": "CVE-2024-21147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
        },
        {
          "name": "CVE-2024-21140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
        },
        {
          "name": "CVE-2024-49343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49343"
        },
        {
          "name": "CVE-2025-47278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
        },
        {
          "name": "CVE-2024-21138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
        },
        {
          "name": "CVE-2024-47081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
        },
        {
          "name": "CVE-2023-5676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
        },
        {
          "name": "CVE-2024-21145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
        },
        {
          "name": "CVE-2024-50602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
        },
        {
          "name": "CVE-2025-5889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
        },
        {
          "name": "CVE-2025-27607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27607"
        },
        {
          "name": "CVE-2025-48387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
        },
        {
          "name": "CVE-2024-21131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
        },
        {
          "name": "CVE-2024-27267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
        }
      ],
      "initial_release_date": "2025-08-01T00:00:00",
      "last_revision_date": "2025-08-01T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0651",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-08-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-07-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240941",
          "url": "https://www.ibm.com/support/pages/node/7240941"
        },
        {
          "published_at": "2025-07-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240649",
          "url": "https://www.ibm.com/support/pages/node/7240649"
        },
        {
          "published_at": "2025-07-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240898",
          "url": "https://www.ibm.com/support/pages/node/7240898"
        },
        {
          "published_at": "2025-07-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240775",
          "url": "https://www.ibm.com/support/pages/node/7240775"
        },
        {
          "published_at": "2025-07-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240798",
          "url": "https://www.ibm.com/support/pages/node/7240798"
        },
        {
          "published_at": "2025-07-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239462",
          "url": "https://www.ibm.com/support/pages/node/7239462"
        },
        {
          "published_at": "2025-07-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240952",
          "url": "https://www.ibm.com/support/pages/node/7240952"
        },
        {
          "published_at": "2025-07-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240940",
          "url": "https://www.ibm.com/support/pages/node/7240940"
        },
        {
          "published_at": "2025-07-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240946",
          "url": "https://www.ibm.com/support/pages/node/7240946"
        },
        {
          "published_at": "2025-07-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240777",
          "url": "https://www.ibm.com/support/pages/node/7240777"
        },
        {
          "published_at": "2025-07-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240899",
          "url": "https://www.ibm.com/support/pages/node/7240899"
        },
        {
          "published_at": "2025-07-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7240977",
          "url": "https://www.ibm.com/support/pages/node/7240977"
        }
      ]
    }

    CERTFR-2025-AVI-0608

    Vulnerability from certfr_avis - Published: 2025-07-18 - Updated: 2025-07-18

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 without the latest security fixes for the GoogleCloudPubSub, GoogleCommon and GoogleGSuiteActivityReportsRESTAPI protocols
    IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 prior to 7.5.0 UP12 IF03
    IBM | WebSphere | WebSphere Remote Server without the latest security fixes
    IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.x prior to 6.4.0.2 for Unix
    IBM | Sterling | Sterling Connect:Direct FTP+ versions 1.3.0 prior to 1.3.0.1
    IBM | Db2 Query Management Facility | Db2 Query Management Facility versions 13.1 and 12.2.0.5 without JRE 8.0.8.45
    IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.x prior to 6.3.0.5 for Unix
    IBM | Cognos Analytics | Cognos Analytics versions 11.2.x prior to 11.2.3
    IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.x prior to 6.2.0.7 for Windows
    IBM | QRadar Incident Forensics | QRadar Incident Forensics versions 7.5.0 prior to 7.5.0 UP12 IF03
    IBM | WebSphere | WebSphere Application Server Liberty versions prior to 25.0.0.8
    IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.x prior to 6.2.0.7.iFix052 for Unix
    IBM | Cognos Analytics | Cognos Analytics versions 11.1.x prior to 11.1.7 Fix Pack 5
    IBM | WebSphere | WebSphere Application Server versions 9.0.0.x prior to 9.0.5.25
    IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x prior to 8.6.1.6 without the PH67142 iFix
    References
    IBM security bulletin 7239645 2025-07-14 vendor-advisory
    IBM security bulletin 7239617 2025-07-14 vendor-advisory
    IBM security bulletin 7239753 2025-07-15 vendor-advisory
    IBM security bulletin 7239757 2025-07-15 vendor-advisory
    IBM security bulletin 7239856 2025-07-16 vendor-advisory
    IBM security bulletin 7239492 2025-07-11 vendor-advisory
    IBM security bulletin 6615285 2025-07-15 vendor-advisory
    IBM security bulletin 7239816 2025-07-15 vendor-advisory
    IBM security bulletin 7239564 2025-07-11 vendor-advisory
    IBM security bulletin 7239627 2025-07-14 vendor-advisory
    IBM security bulletin 7239598 2025-07-14 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QRadar SIEM versions 7.5.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2 pour Unix",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct FTP+ versions 1.3.0 ant\u00e9rieures \u00e0 1.3.0.1",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45",
          "product": {
            "name": "Db2 Query Management Facility",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5 pour Unix",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7 pour Windows",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
          "product": {
            "name": "QRadar Incident Forensics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 25.0.0.8",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7.iFix052 pour Unix",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.5.25",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif PH67142 iFix",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2020-4301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
        },
        {
          "name": "CVE-2024-52005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
        },
        {
          "name": "CVE-2021-20468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
        },
        {
          "name": "CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "name": "CVE-2025-49125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
        },
        {
          "name": "CVE-2021-29823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
        },
        {
          "name": "CVE-2021-44532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
        },
        {
          "name": "CVE-2025-36097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
        },
        {
          "name": "CVE-2022-36773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
        },
        {
          "name": "CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "name": "CVE-2025-48976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2022-29078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
        },
        {
          "name": "CVE-2023-33953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
        },
        {
          "name": "CVE-2021-23438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
        },
        {
          "name": "CVE-2021-43797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
        },
        {
          "name": "CVE-2023-32732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
        },
        {
          "name": "CVE-2025-48988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
        },
        {
          "name": "CVE-2022-30614",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2022-49395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49395"
        },
        {
          "name": "CVE-2021-44533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
        },
        {
          "name": "CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "name": "CVE-2021-29418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
        },
        {
          "name": "CVE-2020-36518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
        },
        {
          "name": "CVE-2021-39045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
        },
        {
          "name": "CVE-2022-21824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
        },
        {
          "name": "CVE-2022-21803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
        },
        {
          "name": "CVE-2021-39009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
        },
        {
          "name": "CVE-2025-32414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
        },
        {
          "name": "CVE-2020-16156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
        },
        {
          "name": "CVE-2025-2900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
        },
        {
          "name": "CVE-2025-5283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
        },
        {
          "name": "CVE-2021-44531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
        },
        {
          "name": "CVE-2021-28918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
        },
        {
          "name": "CVE-2025-36038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
        },
        {
          "name": "CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "name": "CVE-2021-3749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
        },
        {
          "name": "CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        }
      ],
      "initial_release_date": "2025-07-18T00:00:00",
      "last_revision_date": "2025-07-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0608",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-07-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239645",
          "url": "https://www.ibm.com/support/pages/node/7239645"
        },
        {
          "published_at": "2025-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239617",
          "url": "https://www.ibm.com/support/pages/node/7239617"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239753",
          "url": "https://www.ibm.com/support/pages/node/7239753"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239757",
          "url": "https://www.ibm.com/support/pages/node/7239757"
        },
        {
          "published_at": "2025-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239856",
          "url": "https://www.ibm.com/support/pages/node/7239856"
        },
        {
          "published_at": "2025-07-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239492",
          "url": "https://www.ibm.com/support/pages/node/7239492"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285",
          "url": "https://www.ibm.com/support/pages/node/6615285"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239816",
          "url": "https://www.ibm.com/support/pages/node/7239816"
        },
        {
          "published_at": "2025-07-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239564",
          "url": "https://www.ibm.com/support/pages/node/7239564"
        },
        {
          "published_at": "2025-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239627",
          "url": "https://www.ibm.com/support/pages/node/7239627"
        },
        {
          "published_at": "2025-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239598",
          "url": "https://www.ibm.com/support/pages/node/7239598"
        }
      ]
    }

    CERTFR-2025-AVI-0562

    Vulnerability from certfr_avis - Published: 2025-07-04 - Updated: 2025-07-04

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Db2 DB2 Data Management Console versions 3.1.x later than 3.1.11 and prior to 3.1.13.1
    IBM Cognos Analytics Cognos Analytics versions 11.2.x prior to 11.2.4 FP6
    IBM Sterling Sterling Transformation Extender version 10.1.1.1 without the security fix APAR PH67014
    IBM Sterling Sterling Transformation Extender version 11.0.0.0 without the security fix APAR PH67014
    IBM Sterling Sterling Transformation Extender version 10.1.0.2 without the security fix APAR PH67014
    IBM Cognos Analytics Cognos Analytics versions 12.0.x prior to 12.0.4 FP1
    IBM Sterling Sterling Transformation Extender version 10.1.2.1 without the security fix APAR PH67014
    IBM Informix Dynamic Server Informix Dynamic Server versions 14.10.x prior to 14.10.xC11W2
    IBM Sterling Connect:Direct Sterling Connect:Direct File Agent versions 1.4.0.x prior to 1.4.0.4
    IBM Sterling Sterling Transformation Extender versions 11.0.1.x prior to 11.0.1.1 without the security fix APAR PH67016
    IBM Db2 DB2 Data Management Console for CPD versions prior to 5.1.2
    IBM Informix Dynamic Server Informix Dynamic Server versions 12.10.x prior to 12.10.xC16W2
    References
    IBM security bulletin 7238455 2025-06-28 vendor-advisory
    IBM security bulletin 7238755 2025-07-02 vendor-advisory
    IBM security bulletin 7238833 2025-07-03 vendor-advisory
    IBM security bulletin 7238824 2025-07-03 vendor-advisory
    IBM security bulletin 7238831 2025-07-03 vendor-advisory
    IBM security bulletin 7238826 2025-07-03 vendor-advisory
    IBM security bulletin 7238830 2025-07-03 vendor-advisory
    IBM security bulletin 7238753 2025-07-02 vendor-advisory
    IBM security bulletin 7238163 2025-06-27 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "DB2 Data Management Console versions 3.1.x post\u00e9rieures \u00e0 3.1.11 et ant\u00e9rieures \u00e0 3.1.13.1",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender version 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender version 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender version 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender version 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Informix Dynamic Server versions 14.10.x ant\u00e9rieures \u00e0 14.10.xC11W2",
          "product": {
            "name": "Informix Dynamic Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.4",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.1.x ant\u00e9rieures \u00e0 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67016",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 5.1.2",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W2",
          "product": {
            "name": "Informix Dynamic Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-21235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
        },
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2024-21144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
        },
        {
          "name": "CVE-2021-43816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
        },
        {
          "name": "CVE-2024-21534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2022-32149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
        },
        {
          "name": "CVE-2024-10917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
        },
        {
          "name": "CVE-2025-1302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
        },
        {
          "name": "CVE-2025-27152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2024-52900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52900"
        },
        {
          "name": "CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2024-27289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
        },
        {
          "name": "CVE-2022-41721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
        },
        {
          "name": "CVE-2025-25193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
        },
        {
          "name": "CVE-2024-21145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
        },
        {
          "name": "CVE-2024-4741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
        },
        {
          "name": "CVE-2025-2900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
        },
        {
          "name": "CVE-2025-1991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1991"
        },
        {
          "name": "CVE-2022-23648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
        },
        {
          "name": "CVE-2023-39325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
        },
        {
          "name": "CVE-2024-21131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
        },
        {
          "name": "CVE-2024-21210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
        },
        {
          "name": "CVE-2024-2511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
        },
        {
          "name": "CVE-2022-21698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
        },
        {
          "name": "CVE-2024-21217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
        },
        {
          "name": "CVE-2024-27267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
        },
        {
          "name": "CVE-2022-27664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
        },
        {
          "name": "CVE-2024-21208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
        }
      ],
      "initial_release_date": "2025-07-04T00:00:00",
      "last_revision_date": "2025-07-04T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0562",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-07-04T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-06-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238455",
          "url": "https://www.ibm.com/support/pages/node/7238455"
        },
        {
          "published_at": "2025-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238755",
          "url": "https://www.ibm.com/support/pages/node/7238755"
        },
        {
          "published_at": "2025-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238833",
          "url": "https://www.ibm.com/support/pages/node/7238833"
        },
        {
          "published_at": "2025-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238824",
          "url": "https://www.ibm.com/support/pages/node/7238824"
        },
        {
          "published_at": "2025-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238831",
          "url": "https://www.ibm.com/support/pages/node/7238831"
        },
        {
          "published_at": "2025-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238826",
          "url": "https://www.ibm.com/support/pages/node/7238826"
        },
        {
          "published_at": "2025-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238830",
          "url": "https://www.ibm.com/support/pages/node/7238830"
        },
        {
          "published_at": "2025-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238753",
          "url": "https://www.ibm.com/support/pages/node/7238753"
        },
        {
          "published_at": "2025-06-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238163",
          "url": "https://www.ibm.com/support/pages/node/7238163"
        }
      ]
    }

    CERTFR-2025-AVI-0512

    Vulnerability from certfr_avis - Published: 2025-06-13 - Updated: 2025-06-13

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Security QRadar EDR Security QRadar EDR versions prior to 3.12.16
    IBM Db2 Db2 versions prior to 5.2.0 for Cloud Pak for Data
    IBM Cognos Analytics Cognos Analytics versions 12.0.x prior to 12.0.4 FP1
    IBM Cognos Analytics Cognos Analytics versions 11.2.x prior to 11.2.4 IF4
    IBM Db2 Warehouse Db2 warehouse versions prior to 5.2.0 for Cloud Pak for Data
    References
    IBM security bulletin 7236500 2025-06-12 vendor-advisory
    IBM security bulletin 7234674 2025-06-11 vendor-advisory
    IBM security bulletin 7236354 2025-06-11 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
          "product": {
            "name": "Security QRadar EDR",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
          "product": {
            "name": "Db2 Warehouse",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-0917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
        },
        {
          "name": "CVE-2018-19361",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
        },
        {
          "name": "CVE-2023-29483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
        },
        {
          "name": "CVE-2021-33036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
        },
        {
          "name": "CVE-2019-17267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
        },
        {
          "name": "CVE-2024-22201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
        },
        {
          "name": "CVE-2025-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
        },
        {
          "name": "CVE-2018-14719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
        },
        {
          "name": "CVE-2020-9546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
        },
        {
          "name": "CVE-2024-28757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
        },
        {
          "name": "CVE-2025-47944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
        },
        {
          "name": "CVE-2024-12797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
        },
        {
          "name": "CVE-2025-30065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
        },
        {
          "name": "CVE-2025-27219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
        },
        {
          "name": "CVE-2024-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
        },
        {
          "name": "CVE-2023-45853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
        },
        {
          "name": "CVE-2017-9047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
        },
        {
          "name": "CVE-2020-9548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
        },
        {
          "name": "CVE-2023-45288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
        },
        {
          "name": "CVE-2023-45178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
        },
        {
          "name": "CVE-2024-47076",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
        },
        {
          "name": "CVE-2024-47177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
        },
        {
          "name": "CVE-2022-30635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
        },
        {
          "name": "CVE-2022-26612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
        },
        {
          "name": "CVE-2024-56171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
        },
        {
          "name": "CVE-2024-1975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
        },
        {
          "name": "CVE-2024-47561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
        },
        {
          "name": "CVE-2019-16942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
        },
        {
          "name": "CVE-2024-31881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
        },
        {
          "name": "CVE-2020-9547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2018-14718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
        },
        {
          "name": "CVE-2025-0923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
        },
        {
          "name": "CVE-2024-29857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
        },
        {
          "name": "CVE-2018-19360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
        },
        {
          "name": "CVE-2024-1737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
        },
        {
          "name": "CVE-2024-31880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
        },
        {
          "name": "CVE-2024-29025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
        },
        {
          "name": "CVE-2019-16335",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
        },
        {
          "name": "CVE-2024-28762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
        },
        {
          "name": "CVE-2018-7489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
        },
        {
          "name": "CVE-2019-14893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
        },
        {
          "name": "CVE-2023-50298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
        },
        {
          "name": "CVE-2024-26308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
        },
        {
          "name": "CVE-2024-53197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
        },
        {
          "name": "CVE-2025-43859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
        },
        {
          "name": "CVE-2024-30172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
        },
        {
          "name": "CVE-2024-51744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
        },
        {
          "name": "CVE-2024-45338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
        },
        {
          "name": "CVE-2024-23454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
        },
        {
          "name": "CVE-2022-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
        },
        {
          "name": "CVE-2022-3509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
        },
        {
          "name": "CVE-2025-27152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
        },
        {
          "name": "CVE-2024-21634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
        },
        {
          "name": "CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "name": "CVE-2024-37529",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
        },
        {
          "name": "CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "name": "CVE-2021-25642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
        },
        {
          "name": "CVE-2024-53382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2024-45337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
        },
        {
          "name": "CVE-2023-39410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
        },
        {
          "name": "CVE-2024-25710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2020-9492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
        },
        {
          "name": "CVE-2025-27220",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
        },
        {
          "name": "CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "name": "CVE-2019-16943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
        },
        {
          "name": "CVE-2024-12905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
        },
        {
          "name": "CVE-2024-41946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
        },
        {
          "name": "CVE-2024-52046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
        },
        {
          "name": "CVE-2021-37404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
        },
        {
          "name": "CVE-2025-47935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
        },
        {
          "name": "CVE-2017-7525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
        },
        {
          "name": "CVE-2019-20330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
        },
        {
          "name": "CVE-2023-44981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
        },
        {
          "name": "CVE-2024-34156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
        },
        {
          "name": "CVE-2019-17531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "name": "CVE-2023-52428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
        },
        {
          "name": "CVE-2024-25062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
        },
        {
          "name": "CVE-2020-8840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
        },
        {
          "name": "CVE-2024-10963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
        },
        {
          "name": "CVE-2024-57965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
        },
        {
          "name": "CVE-2023-29267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
        },
        {
          "name": "CVE-2024-31882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
        },
        {
          "name": "CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "name": "CVE-2024-4603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
        },
        {
          "name": "CVE-2025-25193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
        },
        {
          "name": "CVE-2018-14720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
        },
        {
          "name": "CVE-2024-47176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
        },
        {
          "name": "CVE-2025-22870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
        },
        {
          "name": "CVE-2024-30171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
        },
        {
          "name": "CVE-2023-52922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
        },
        {
          "name": "CVE-2019-14540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
        },
        {
          "name": "CVE-2025-27789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
        },
        {
          "name": "CVE-2024-6827",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
        },
        {
          "name": "CVE-2018-14721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
        },
        {
          "name": "CVE-2018-11307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
        },
        {
          "name": "CVE-2024-3651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
        },
        {
          "name": "CVE-2025-27363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
        },
        {
          "name": "CVE-2022-42969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
        },
        {
          "name": "CVE-2025-24928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
        },
        {
          "name": "CVE-2024-41091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
        },
        {
          "name": "CVE-2024-35152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
        },
        {
          "name": "CVE-2019-14379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
        },
        {
          "name": "CVE-2025-25032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
        },
        {
          "name": "CVE-2023-42282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
        },
        {
          "name": "CVE-2025-30204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
        },
        {
          "name": "CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "name": "CVE-2024-47175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
        },
        {
          "name": "CVE-2024-41123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
        },
        {
          "name": "CVE-2023-39663",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
        },
        {
          "name": "CVE-2024-35136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
        },
        {
          "name": "CVE-2022-25168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
        },
        {
          "name": "CVE-2024-49761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
        },
        {
          "name": "CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "name": "CVE-2019-14892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
        }
      ],
      "initial_release_date": "2025-06-13T00:00:00",
      "last_revision_date": "2025-06-13T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0512",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-06-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
          "url": "https://www.ibm.com/support/pages/node/7236500"
        },
        {
          "published_at": "2025-06-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
          "url": "https://www.ibm.com/support/pages/node/7234674"
        },
        {
          "published_at": "2025-06-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
          "url": "https://www.ibm.com/support/pages/node/7236354"
        }
      ]
    }

    CERTFR-2025-AVI-0370

    Vulnerability from certfr_avis - Published: 2025-05-02 - Updated: 2025-05-02

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.x prior to 6.1.1.0
    IBM | VIOS | VIOS: refer to the vendor's site for the vulnerable versions, see the Documentation section
    IBM | Cognos Analytics | Cognos Analytics versions 12.1.x prior to 12.1.0 IF1
    IBM | Cognos PowerPlay | Cognos PowerPlay versions 12.1.x prior to 12.1.0 IF1
    IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions prior to 6.0.0.7
    IBM | Cognos Transformer | Cognos Transformer versions 11.2.x prior to 11.2.4 FP5
    IBM | Cognos Transformer | Cognos Transformer versions 12.1.x prior to 12.1.0 IF1
    IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.0.x prior to 6.1.0.3
    IBM | QRadar SIEM | QRadar SIEM versions 7.5.x prior to 7.5.0 UP11 IF04
    IBM | Cognos Analytics | Cognos Analytics versions 11.2.x prior to 11.2.4.5 IF5
    IBM | WebSphere Automation | WebSphere Automation versions prior to 1.8.2
    IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.0.3.x prior to 6.0.3.5
    IBM | AIX | AIX: refer to the vendor's site for the vulnerable versions, see the Documentation section
    IBM | Cognos Transformer | Cognos Transformer versions 12.0.x prior to 12.0.4 IF3
    IBM | Cognos Analytics | Cognos Analytics versions 12.0.x prior to 12.0.4 IF3
    References
    IBM Security Bulletin 6495961 2025-04-28 vendor-advisory
    IBM Security Bulletin 7231738 2025-04-29 vendor-advisory
    IBM Security Bulletin 7231815 2025-04-25 vendor-advisory
    IBM Security Bulletin 7231900 2025-04-29 vendor-advisory
    IBM Security Bulletin 7179496 2025-04-30 vendor-advisory
    IBM Security Bulletin 7231901 2025-04-29 vendor-advisory
    IBM Security Bulletin 7231915 2025-04-26 vendor-advisory
    IBM Security Bulletin 7232177 2025-04-30 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.0",
          "product": {
            "name": "Sterling B2B Integrator",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "VIOS se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
          "product": {
            "name": "VIOS",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos PowerPlay versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
          "product": {
            "name": "Cognos PowerPlay",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.0.0.7",
          "product": {
            "name": "Sterling B2B Integrator",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Transformer versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
          "product": {
            "name": "Cognos Transformer",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Transformer versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
          "product": {
            "name": "Cognos Transformer",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3",
          "product": {
            "name": "Sterling B2B Integrator",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF04",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.5 IF5",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.8.2",
          "product": {
            "name": "WebSphere Automation",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling B2B Integrator versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.5",
          "product": {
            "name": "Sterling B2B Integrator",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
          "product": {
            "name": "Cognos Transformer",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2016-6797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
        },
        {
          "name": "CVE-2016-8735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
        },
        {
          "name": "CVE-2025-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
        },
        {
          "name": "CVE-2020-8022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
        },
        {
          "name": "CVE-2011-3190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
        },
        {
          "name": "CVE-2017-9047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
        },
        {
          "name": "CVE-2025-24813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
        },
        {
          "name": "CVE-2024-50302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
        },
        {
          "name": "CVE-2024-56171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
        },
        {
          "name": "CVE-2022-49043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
        },
        {
          "name": "CVE-2016-0714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
        },
        {
          "name": "CVE-2024-11218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
        },
        {
          "name": "CVE-2014-0230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
        },
        {
          "name": "CVE-2024-53197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
        },
        {
          "name": "CVE-2013-2185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
        },
        {
          "name": "CVE-2006-7197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
        },
        {
          "name": "CVE-2024-40695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40695"
        },
        {
          "name": "CVE-2024-57807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
        },
        {
          "name": "CVE-2025-21785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
        },
        {
          "name": "CVE-2016-6816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
        },
        {
          "name": "CVE-2024-57979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
        },
        {
          "name": "CVE-2016-5018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
        },
        {
          "name": "CVE-2023-52922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
        },
        {
          "name": "CVE-2024-51466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51466"
        },
        {
          "name": "CVE-2025-27363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
        },
        {
          "name": "CVE-2025-24928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
        },
        {
          "name": "CVE-2017-5647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
        },
        {
          "name": "CVE-2025-0624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
        },
        {
          "name": "CVE-2016-5388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
        },
        {
          "name": "CVE-2016-6796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
        },
        {
          "name": "CVE-2020-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
        }
      ],
      "initial_release_date": "2025-05-02T00:00:00",
      "last_revision_date": "2025-05-02T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0370",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-02T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-04-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 6495961",
          "url": "https://www.ibm.com/support/pages/node/6495961"
        },
        {
          "published_at": "2025-04-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231738",
          "url": "https://www.ibm.com/support/pages/node/7231738"
        },
        {
          "published_at": "2025-04-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231815",
          "url": "https://www.ibm.com/support/pages/node/7231815"
        },
        {
          "published_at": "2025-04-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231900",
          "url": "https://www.ibm.com/support/pages/node/7231900"
        },
        {
          "published_at": "2025-04-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179496",
          "url": "https://www.ibm.com/support/pages/node/7179496"
        },
        {
          "published_at": "2025-04-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231901",
          "url": "https://www.ibm.com/support/pages/node/7231901"
        },
        {
          "published_at": "2025-04-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231915",
          "url": "https://www.ibm.com/support/pages/node/7231915"
        },
        {
          "published_at": "2025-04-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7232177",
          "url": "https://www.ibm.com/support/pages/node/7232177"
        }
      ]
    }

    CERTFR-2025-AVI-0186

    Vulnerability from certfr_avis - Published: 2025-03-07 - Updated: 2025-03-07

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality and remote indirect code injection (XSS).

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Cognos Analytics | IBM Cognos Analytics Mobile for Android versions 1.1.x prior to 1.1.21
    IBM | Cognos Analytics | IBM Cognos Analytics Mobile for iOS versions 1.1.x prior to 1.1.21
    IBM | Cloud Pak System | Cloud Pak System versions prior to 2.3.5.0 for Power
    IBM | Security QRadar SIEM | QRadar Pulse application versions prior to 2.2.16
    IBM | Cloud Pak System | Cloud Pak System versions 2.3.3.x prior to 2.3.4.1 for Intel
    References
    IBM Security Bulletin 7184659 2025-03-03 vendor-advisory
    IBM Security Bulletin 7184429 2025-03-01 vendor-advisory
    IBM Security Bulletin 7184955 2025-03-06 vendor-advisory
    IBM Security Bulletin 7184430 2025-03-01 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "IBM Cognos Analytics Mobile pour Android versions 1.1.x ant\u00e9rieures \u00e0 1.1.21",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Cognos Analytics Mobile pour iOS versions 1.1.x ant\u00e9rieures \u00e0 1.1.21",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System  versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Pulse application versions ant\u00e9rieures \u00e0 2.2.16",
          "product": {
            "name": "Security QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System versions 2.3.3.x  ant\u00e9rieures \u00e0 2.3.4.1 pour Intel",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-42459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
        },
        {
          "name": "CVE-2024-55907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55907"
        },
        {
          "name": "CVE-2024-43799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
        },
        {
          "name": "CVE-2024-42460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
        },
        {
          "name": "CVE-2024-25026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
        },
        {
          "name": "CVE-2024-47764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
        },
        {
          "name": "CVE-2024-48948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2025-0895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0895"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2024-43800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
        },
        {
          "name": "CVE-2024-42461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
        },
        {
          "name": "CVE-2024-26026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26026"
        }
      ],
      "initial_release_date": "2025-03-07T00:00:00",
      "last_revision_date": "2025-03-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0186",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-03-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184659",
          "url": "https://www.ibm.com/support/pages/node/7184659"
        },
        {
          "published_at": "2025-03-01",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184429",
          "url": "https://www.ibm.com/support/pages/node/7184429"
        },
        {
          "published_at": "2025-03-06",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184955",
          "url": "https://www.ibm.com/support/pages/node/7184955"
        },
        {
          "published_at": "2025-03-01",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184430",
          "url": "https://www.ibm.com/support/pages/node/7184430"
        }
      ]
    }

    CERTFR-2025-AVI-0170

    Vulnerability from certfr_avis - Published: 2025-02-28 - Updated: 2025-02-28

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Cognos Analytics Cognos Analytics versions 11.2.x prior to 12.2.4 IF4
    IBM QRadar QRadar Data Synchronization versions prior to 3.2.1
    IBM Sterling Sterling Secure Proxy versions 6.1.x prior to 6.1.0.1 iFix 02
    IBM WebSphere WebSphere Application Server versions 9.0.x without the interim security fix PH16353 or prior to 9.0.5.2
    IBM Sterling Sterling External Authentication Server versions 6.1.x prior to 6.1.0.2 iFix 02
    IBM Cognos Dashboards Cognos Dashboards on Cloud Pak for Data versions 4.x without the latest security patch
    IBM Cognos Analytics Cognos Analytics versions 12.0.x prior to 12.0.4 IF2
    IBM Sterling Sterling External Authentication Server versions 6.0.x prior to 6.0.3.1 iFix 02
    IBM Sterling Sterling Secure Proxy versions 6.2.x prior to 6.2.0.1 iFix 01
    IBM Cognos Dashboards Cognos Dashboards on Cloud Pak for Data versions 5.x prior to 5.1
    References
    IBM security bulletin 7183676 2025-02-27 vendor-advisory
    IBM security bulletin 1107105 2019-11-14 vendor-advisory
    IBM security bulletin 7184475 2025-02-28 vendor-advisory
    IBM security bulletin 7184474 2025-02-28 vendor-advisory
    IBM security bulletin 7184092 2025-02-25 vendor-advisory
    IBM security bulletin 7184217 2025-02-27 vendor-advisory
    IBM security bulletin 7184476 2025-02-28 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Cognos Dashboards",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
          "product": {
            "name": "Cognos Dashboards",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-21536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
        },
        {
          "name": "CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "name": "CVE-2023-35946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
        },
        {
          "name": "CVE-2024-21235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
        },
        {
          "name": "CVE-2024-21144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
        },
        {
          "name": "CVE-2015-7450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
        },
        {
          "name": "CVE-2022-48554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
        },
        {
          "name": "CVE-2018-19797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
        },
        {
          "name": "CVE-2023-28523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
        },
        {
          "name": "CVE-2021-27290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
        },
        {
          "name": "CVE-2024-43799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
        },
        {
          "name": "CVE-2023-31124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
        },
        {
          "name": "CVE-2024-6232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
        },
        {
          "name": "CVE-2023-23936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
        },
        {
          "name": "CVE-2018-19827",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
        },
        {
          "name": "CVE-2018-11694",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
        },
        {
          "name": "CVE-2024-39331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
        },
        {
          "name": "CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "name": "CVE-2023-32067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
        },
        {
          "name": "CVE-2024-47561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
        },
        {
          "name": "CVE-2024-30205",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
        },
        {
          "name": "CVE-2024-40094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
        },
        {
          "name": "CVE-2023-24807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
        },
        {
          "name": "CVE-2025-22150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
        },
        {
          "name": "CVE-2024-29857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
        },
        {
          "name": "CVE-2024-30203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
        },
        {
          "name": "CVE-2024-45590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
        },
        {
          "name": "CVE-2024-43796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
        },
        {
          "name": "CVE-2024-10917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
        },
        {
          "name": "CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "name": "CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "name": "CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "name": "CVE-2024-21538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
        },
        {
          "name": "CVE-2023-31147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
        },
        {
          "name": "CVE-2024-47764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
        },
        {
          "name": "CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "name": "CVE-2024-56340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
        },
        {
          "name": "CVE-2024-48948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
        },
        {
          "name": "CVE-2018-25032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
        },
        {
          "name": "CVE-2024-45216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
        },
        {
          "name": "CVE-2024-47554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2023-28527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
        },
        {
          "name": "CVE-2024-21147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
        },
        {
          "name": "CVE-2023-39410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2019-6286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
        },
        {
          "name": "CVE-2022-37434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
        },
        {
          "name": "CVE-2018-19839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
        },
        {
          "name": "CVE-2024-21140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
        },
        {
          "name": "CVE-2024-45217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
        },
        {
          "name": "CVE-2024-38999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2018-20821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
        },
        {
          "name": "CVE-2019-6283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
        },
        {
          "name": "CVE-2023-35947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
        },
        {
          "name": "CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "name": "CVE-2024-21138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
        },
        {
          "name": "CVE-2023-23919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
        },
        {
          "name": "CVE-2024-43800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
        },
        {
          "name": "CVE-2024-21145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
        },
        {
          "name": "CVE-2024-50602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
        },
        {
          "name": "CVE-2024-30204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
        },
        {
          "name": "CVE-2018-20190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
        },
        {
          "name": "CVE-2023-28526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
        },
        {
          "name": "CVE-2023-28155",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
        },
        {
          "name": "CVE-2018-11698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
        },
        {
          "name": "CVE-2025-0823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
        },
        {
          "name": "CVE-2023-26136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
        },
        {
          "name": "CVE-2023-31130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
        },
        {
          "name": "CVE-2024-21131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
        },
        {
          "name": "CVE-2024-21210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
        },
        {
          "name": "CVE-2024-21217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
        },
        {
          "name": "CVE-2024-27267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
        },
        {
          "name": "CVE-2020-7598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
        },
        {
          "name": "CVE-2024-21208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
        }
      ],
      "initial_release_date": "2025-02-28T00:00:00",
      "last_revision_date": "2025-02-28T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0170",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-02-28T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-02-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
          "url": "https://www.ibm.com/support/pages/node/7183676"
        },
        {
          "published_at": "2019-11-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
          "url": "https://www.ibm.com/support/pages/node/1107105"
        },
        {
          "published_at": "2025-02-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
          "url": "https://www.ibm.com/support/pages/node/7184475"
        },
        {
          "published_at": "2025-02-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
          "url": "https://www.ibm.com/support/pages/node/7184474"
        },
        {
          "published_at": "2025-02-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
          "url": "https://www.ibm.com/support/pages/node/7184092"
        },
        {
          "published_at": "2025-02-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
          "url": "https://www.ibm.com/support/pages/node/7184217"
        },
        {
          "published_at": "2025-02-28",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
          "url": "https://www.ibm.com/support/pages/node/7184476"
        }
      ]
    }

    CERTFR-2025-AVI-0106

    Vulnerability from certfr_avis - Published: 2025-02-07 - Updated: 2025-02-07

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Cognos Analytics Cognos Analytics versions 12.x prior to 12.0.4 IF2
    IBM Cognos Analytics Cognos Analytics versions 11.2.x prior to 11.2.4 FP5
    IBM Security QRadar EDR Security QRadar EDR versions 3.12.x prior to 3.12.15
    IBM Db2 IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 3.5 to 4.8 prior to v4.8.8
    IBM Security QRadar SIEM QRadar SIEM versions 7.5.0 prior to 7.5.0 UP11
    References
    IBM security bulletin 7182424 2025-02-04 vendor-advisory
    IBM security bulletin 7182335 2025-02-03 vendor-advisory
    IBM security bulletin 7181898 2025-02-02 vendor-advisory
    IBM security bulletin 7181480 2025-02-04 vendor-advisory
    IBM security bulletin 7182696 2025-02-05 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.4 IF2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.15",
          "product": {
            "name": "Security QRadar EDR",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 \u00e0 4.8 ant\u00e9rieures \u00e0 v4.8.8",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11",
          "product": {
            "name": "Security QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-29483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
        },
        {
          "name": "CVE-2023-7104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
        },
        {
          "name": "CVE-2020-21469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-21469"
        },
        {
          "name": "CVE-2024-45020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45020"
        },
        {
          "name": "CVE-2024-46826",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
        },
        {
          "name": "CVE-2024-42070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
        },
        {
          "name": "CVE-2023-51714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-51714"
        },
        {
          "name": "CVE-2021-47366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-47366"
        },
        {
          "name": "CVE-2024-41093",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
        },
        {
          "name": "CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "name": "CVE-2024-36361",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-36361"
        },
        {
          "name": "CVE-2024-35939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
        },
        {
          "name": "CVE-2024-41009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
        },
        {
          "name": "CVE-2024-29041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
        },
        {
          "name": "CVE-2019-9641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9641"
        },
        {
          "name": "CVE-2022-21426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
        },
        {
          "name": "CVE-2024-39503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
        },
        {
          "name": "CVE-2024-50268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
        },
        {
          "name": "CVE-2024-42292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
        },
        {
          "name": "CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "name": "CVE-2016-2193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
        },
        {
          "name": "CVE-2024-42284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
        },
        {
          "name": "CVE-2024-43788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
        },
        {
          "name": "CVE-2024-4068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
        },
        {
          "name": "CVE-2024-26961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
        },
        {
          "name": "CVE-2024-38608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
        },
        {
          "name": "CVE-2024-50275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
        },
        {
          "name": "CVE-2024-49352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49352"
        },
        {
          "name": "CVE-2023-37920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
        },
        {
          "name": "CVE-2024-40924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
        },
        {
          "name": "CVE-2024-22353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
        },
        {
          "name": "CVE-2020-20703",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-20703"
        },
        {
          "name": "CVE-2024-50125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
        },
        {
          "name": "CVE-2022-48968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
        },
        {
          "name": "CVE-2024-47715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
        },
        {
          "name": "CVE-2024-26976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
        },
        {
          "name": "CVE-2024-56326",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
        },
        {
          "name": "CVE-2024-50267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
        },
        {
          "name": "CVE-2019-9638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9638"
        },
        {
          "name": "CVE-2022-49016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
        },
        {
          "name": "CVE-2023-52492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
        },
        {
          "name": "CVE-2023-5868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
        },
        {
          "name": "CVE-2019-9639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9639"
        },
        {
          "name": "CVE-2023-28154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
        },
        {
          "name": "CVE-2024-27062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
        },
        {
          "name": "CVE-2024-35839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
        },
        {
          "name": "CVE-2024-49977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
        },
        {
          "name": "CVE-2024-43889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
        },
        {
          "name": "CVE-2019-20444",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
        },
        {
          "name": "CVE-2024-29415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
        },
        {
          "name": "CVE-2024-46820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-46820"
        },
        {
          "name": "CVE-2024-45018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
        },
        {
          "name": "CVE-2024-33883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
        },
        {
          "name": "CVE-2024-43880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
        },
        {
          "name": "CVE-2024-26615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
        },
        {
          "name": "CVE-2024-50130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
        },
        {
          "name": "CVE-2024-4317",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4317"
        },
        {
          "name": "CVE-2024-25026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
        },
        {
          "name": "CVE-2024-38586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
        },
        {
          "name": "CVE-2024-53047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
        },
        {
          "name": "CVE-2024-31141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
        },
        {
          "name": "CVE-2023-5870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
        },
        {
          "name": "CVE-2024-4067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
        },
        {
          "name": "CVE-2024-45769",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45769"
        },
        {
          "name": "CVE-2024-10977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
        },
        {
          "name": "CVE-2024-27017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
        },
        {
          "name": "CVE-2018-20506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
        },
        {
          "name": "CVE-2018-20346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
        },
        {
          "name": "CVE-2024-46845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-46845"
        },
        {
          "name": "CVE-2024-40983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
        },
        {
          "name": "CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "name": "CVE-2023-5869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
        },
        {
          "name": "CVE-2022-49003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
        },
        {
          "name": "CVE-2024-42079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
        },
        {
          "name": "CVE-2024-35898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
        },
        {
          "name": "CVE-2024-43854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
        },
        {
          "name": "CVE-2024-44935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
        },
        {
          "name": "CVE-2024-50124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
        },
        {
          "name": "CVE-2022-24823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
        },
        {
          "name": "CVE-2024-49875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
        },
        {
          "name": "CVE-2019-9020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9020"
        },
        {
          "name": "CVE-2024-41066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
        },
        {
          "name": "CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "name": "CVE-2019-9023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9023"
        },
        {
          "name": "CVE-2024-7348",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
        },
        {
          "name": "CVE-2024-42244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
        },
        {
          "name": "CVE-2024-10976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
        },
        {
          "name": "CVE-2024-41942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41942"
        },
        {
          "name": "CVE-2021-21295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
        },
        {
          "name": "CVE-2024-45770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45770"
        },
        {
          "name": "CVE-2024-26851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
        },
        {
          "name": "CVE-2022-48773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48773"
        },
        {
          "name": "CVE-2019-12900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
        },
        {
          "name": "CVE-2024-50282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
        },
        {
          "name": "CVE-2024-24857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
        },
        {
          "name": "CVE-2024-49866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
        },
        {
          "name": "CVE-2024-49949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
        },
        {
          "name": "CVE-2021-43797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
        },
        {
          "name": "CVE-2024-56201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
        },
        {
          "name": "CVE-2024-41092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
        },
        {
          "name": "CVE-2024-5569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
        },
        {
          "name": "CVE-2024-29736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
        },
        {
          "name": "CVE-2019-9021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9021"
        },
        {
          "name": "CVE-2024-27268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
        },
        {
          "name": "CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "name": "CVE-2022-21434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
        },
        {
          "name": "CVE-2024-41042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
        },
        {
          "name": "CVE-2023-2454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
        },
        {
          "name": "CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "name": "CVE-2024-10041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
        },
        {
          "name": "CVE-2022-34169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
        },
        {
          "name": "CVE-2024-43892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
        },
        {
          "name": "CVE-2024-50252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
        },
        {
          "name": "CVE-2024-37890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
        },
        {
          "name": "CVE-2024-47668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
        },
        {
          "name": "CVE-2017-15010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
        },
        {
          "name": "CVE-2023-52921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52921"
        },
        {
          "name": "CVE-2024-53677",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"
        },
        {
          "name": "CVE-2024-10978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
        },
        {
          "name": "CVE-2024-53140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
        },
        {
          "name": "CVE-2024-50602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
        },
        {
          "name": "CVE-2023-2455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
        },
        {
          "name": "CVE-2024-39338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
        },
        {
          "name": "CVE-2019-20478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20478"
        },
        {
          "name": "CVE-2024-0985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
        },
        {
          "name": "CVE-2024-38541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
        },
        {
          "name": "CVE-2024-40984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
        },
        {
          "name": "CVE-2023-52922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
        },
        {
          "name": "CVE-2024-50274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
        },
        {
          "name": "CVE-2024-38540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
        },
        {
          "name": "CVE-2021-21290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
        },
        {
          "name": "CVE-2024-29180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
        },
        {
          "name": "CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "name": "CVE-2024-53064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
        },
        {
          "name": "CVE-2023-50314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
        },
        {
          "name": "CVE-2023-52917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
        },
        {
          "name": "CVE-2023-26136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
        },
        {
          "name": "CVE-2024-44990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
        },
        {
          "name": "CVE-2023-42282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
        },
        {
          "name": "CVE-2024-42301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
        },
        {
          "name": "CVE-2024-24786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
        },
        {
          "name": "CVE-2024-22354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
        },
        {
          "name": "CVE-2024-50279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
        },
        {
          "name": "CVE-2022-21476",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
        },
        {
          "name": "CVE-2019-16869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
        },
        {
          "name": "CVE-2022-23491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
        },
        {
          "name": "CVE-2022-21541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
        },
        {
          "name": "CVE-2024-26924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
        },
        {
          "name": "CVE-2022-21540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
        },
        {
          "name": "CVE-2024-44989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
        },
        {
          "name": "CVE-2018-20505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
        },
        {
          "name": "CVE-2024-32007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
        },
        {
          "name": "CVE-2024-10979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
        },
        {
          "name": "CVE-2019-20445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
        },
        {
          "name": "CVE-2024-40961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
        }
      ],
      "initial_release_date": "2025-02-07T00:00:00",
      "last_revision_date": "2025-02-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0106",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-02-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-02-04",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182424",
          "url": "https://www.ibm.com/support/pages/node/7182424"
        },
        {
          "published_at": "2025-02-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182335",
          "url": "https://www.ibm.com/support/pages/node/7182335"
        },
        {
          "published_at": "2025-02-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7181898",
          "url": "https://www.ibm.com/support/pages/node/7181898"
        },
        {
          "published_at": "2025-02-04",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7181480",
          "url": "https://www.ibm.com/support/pages/node/7181480"
        },
        {
          "published_at": "2025-02-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182696",
          "url": "https://www.ibm.com/support/pages/node/7182696"
        }
      ]
    }

    CVE-2025-3633 (GCVE-0-2025-3633)

    Vulnerability from nvd – Published: 2026-05-27 12:17 – Updated: 2026-05-27 14:31
    Title
    IBM Cognos Analytics is affected by multiple security vulnerabilities
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:27:31.520327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:31:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:17:11.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versionsProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6IBM Cognos Analytics 11.2.4 Fix Pack 7IBM Cognos Analytics12.0.0 - 12.0.4 FP1IBM Cognos Analytics 12.0.4 Fix Pack 2IBM Cognos Analytics12.1.0 - 12.1.1 IF1IBM Cognos Analytics 12.1.2"
            }
          ],
          "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3633",
        "datePublished": "2026-05-27T12:17:11.519Z",
        "dateReserved": "2025-04-15T09:48:14.783Z",
        "dateUpdated": "2026-05-27T14:31:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36126 (GCVE-0-2025-36126)

    Vulnerability from nvd – Published: 2026-05-26 15:52 – Updated: 2026-05-27 17:20
    Title
    IBM Cognos Analytics is affected by Cross-site scripting.
    Summary
    IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 are vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:20:04.656302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:20:14.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:05:00.708Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6 IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262 IBM Cognos Analytics12.0.0 - 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268 IBM Cognos Analytics12.1.0 - 12.1.1 IF1 IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071"
            }
          ],
          "title": "IBM Cognos Analytics is affected by Cross-site scripting.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36126",
        "datePublished": "2026-05-26T15:52:49.002Z",
        "dateReserved": "2025-04-15T21:16:18.171Z",
        "dateUpdated": "2026-05-27T17:20:14.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52900 (GCVE-0-2024-52900)

    Vulnerability from nvd – Published: 2025-06-28 00:59 – Updated: 2025-08-24 11:37
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7238163 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:37:13.283783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:37:28.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:37:56.523Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238163"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes:\u003cbr\u003eIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\u003cbr\u003eIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
                }
              ],
              "value": "Remediation/Fixes:\nIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\nIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52900",
        "datePublished": "2025-06-28T00:59:23.758Z",
        "dateReserved": "2024-11-17T14:25:57.178Z",
        "dateUpdated": "2025-08-24T11:37:56.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25032 (GCVE-0-2025-25032)

    Vulnerability from nvd – Published: 2025-06-11 17:26 – Updated: 2025-08-24 11:55
    Title
    IBM Cognos Analytics denial of service
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:48:46.362442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:48:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:55:03.503Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-25032",
        "datePublished": "2025-06-11T17:26:35.867Z",
        "dateReserved": "2025-01-31T16:27:15.748Z",
        "dateUpdated": "2025-08-24T11:55:03.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0923 (GCVE-0-2025-0923)

    Vulnerability from nvd – Published: 2025-06-11 17:28 – Updated: 2025-08-24 11:57
    Title
    IBM Cognos Analytics information disclosure
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:39:08.665255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:40:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:57:12.698Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0923",
        "datePublished": "2025-06-11T17:28:57.762Z",
        "dateReserved": "2025-01-31T01:57:18.370Z",
        "dateUpdated": "2025-08-24T11:57:12.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0917 (GCVE-0-2025-0917)

    Vulnerability from nvd – Published: 2025-06-11 17:27 – Updated: 2025-08-24 11:56
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:42:01.055858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:43:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:56:28.910Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0917",
        "datePublished": "2025-06-11T17:27:49.930Z",
        "dateReserved": "2025-01-30T23:58:48.707Z",
        "dateUpdated": "2025-08-24T11:56:28.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0823 (GCVE-0-2025-0823)

    Vulnerability from nvd – Published: 2025-02-28 02:31 – Updated: 2025-02-28 16:24
    Title
    IBM MQ path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:08.118966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:22.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:31:01.843Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0823",
        "datePublished": "2025-02-28T02:31:01.843Z",
        "dateReserved": "2025-01-29T02:06:49.318Z",
        "dateUpdated": "2025-02-28T16:24:22.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56340 (GCVE-0-2024-56340)

    Vulnerability from nvd – Published: 2025-02-28 02:32 – Updated: 2025-10-17 15:23
    Title
    IBM Cognos Analytics path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*
    Credits
    Mario Tesoro

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:02:17.372210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:07:52.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-10-17T15:23:28.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T16:15:40.732Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56340",
        "datePublished": "2025-02-28T02:32:30.345Z",
        "dateReserved": "2024-12-20T13:55:07.212Z",
        "dateUpdated": "2025-10-17T15:23:28.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49352 (GCVE-0-2024-49352)

    Vulnerability from nvd – Published: 2025-02-05 10:58 – Updated: 2025-02-22 21:00
    Title
    IBM Cognos Anaytics XML external entity injection
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:14:37.197807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:51:30.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T21:00:55.875Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181480"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Anaytics XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49352",
        "datePublished": "2025-02-05T10:58:33.935Z",
        "dateReserved": "2024-10-14T12:05:24.915Z",
        "dateUpdated": "2025-02-22T21:00:55.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3633 (GCVE-0-2025-3633)

    Vulnerability from cvelistv5 – Published: 2026-05-27 12:17 – Updated: 2026-05-27 14:31
    Title
    IBM Cognos Analytics is affected by multiple security vulnerabilities
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:27:31.520327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:31:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:17:11.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versionsProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6IBM Cognos Analytics 11.2.4 Fix Pack 7IBM Cognos Analytics12.0.0 - 12.0.4 FP1IBM Cognos Analytics 12.0.4 Fix Pack 2IBM Cognos Analytics12.1.0 - 12.1.1 IF1IBM Cognos Analytics 12.1.2"
            }
          ],
          "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3633",
        "datePublished": "2026-05-27T12:17:11.519Z",
        "dateReserved": "2025-04-15T09:48:14.783Z",
        "dateUpdated": "2026-05-27T14:31:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36126 (GCVE-0-2025-36126)

    Vulnerability from cvelistv5 – Published: 2026-05-26 15:52 – Updated: 2026-05-27 17:20
    Title
    IBM Cognos Analytics is affected by Cross-site scripting.
    Summary
    IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:20:04.656302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:20:14.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:05:00.708Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6 IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262 IBM Cognos Analytics12.0.0 - 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268 IBM Cognos Analytics12.1.0 - 12.1.1 IF1 IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071"
            }
          ],
          "title": "IBM Cognos Analytics is affected by Cross-site scripting.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36126",
        "datePublished": "2026-05-26T15:52:49.002Z",
        "dateReserved": "2025-04-15T21:16:18.171Z",
        "dateUpdated": "2026-05-27T17:20:14.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52900 (GCVE-0-2024-52900)

    Vulnerability from cvelistv5 – Published: 2025-06-28 00:59 – Updated: 2025-08-24 11:37
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7238163 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:37:13.283783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:37:28.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:37:56.523Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238163"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes:\u003cbr\u003eIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\u003cbr\u003eIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
                }
              ],
              "value": "Remediation/Fixes:\nIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\nIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52900",
        "datePublished": "2025-06-28T00:59:23.758Z",
        "dateReserved": "2024-11-17T14:25:57.178Z",
        "dateUpdated": "2025-08-24T11:37:56.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0923 (GCVE-0-2025-0923)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:28 – Updated: 2025-08-24 11:57
    Title
    IBM Cognos Analytics information disclosure
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:39:08.665255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:40:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:57:12.698Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0923",
        "datePublished": "2025-06-11T17:28:57.762Z",
        "dateReserved": "2025-01-31T01:57:18.370Z",
        "dateUpdated": "2025-08-24T11:57:12.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0917 (GCVE-0-2025-0917)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:27 – Updated: 2025-08-24 11:56
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:42:01.055858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:43:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:56:28.910Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0917",
        "datePublished": "2025-06-11T17:27:49.930Z",
        "dateReserved": "2025-01-30T23:58:48.707Z",
        "dateUpdated": "2025-08-24T11:56:28.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25032 (GCVE-0-2025-25032)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:26 – Updated: 2025-08-24 11:55
    Title
    IBM Cognos Analytics denial of service
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:48:46.362442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:48:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:55:03.503Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-25032",
        "datePublished": "2025-06-11T17:26:35.867Z",
        "dateReserved": "2025-01-31T16:27:15.748Z",
        "dateUpdated": "2025-08-24T11:55:03.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56340 (GCVE-0-2024-56340)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:32 – Updated: 2025-10-17 15:23
    Title
    IBM Cognos Analytics path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*
    Credits
    Mario Tesoro

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:02:17.372210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:07:52.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-10-17T15:23:28.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T16:15:40.732Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56340",
        "datePublished": "2025-02-28T02:32:30.345Z",
        "dateReserved": "2024-12-20T13:55:07.212Z",
        "dateUpdated": "2025-10-17T15:23:28.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0823 (GCVE-0-2025-0823)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:31 – Updated: 2025-02-28 16:24
    Title
    IBM MQ path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:08.118966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:22.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:31:01.843Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0823",
        "datePublished": "2025-02-28T02:31:01.843Z",
        "dateReserved": "2025-01-29T02:06:49.318Z",
        "dateUpdated": "2025-02-28T16:24:22.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49352 (GCVE-0-2024-49352)

    Vulnerability from cvelistv5 – Published: 2025-02-05 10:58 – Updated: 2025-02-22 21:00
    Title
    IBM Cognos Analytics XML external entity injection
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:14:37.197807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:51:30.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T21:00:55.875Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181480"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Anaytics XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49352",
        "datePublished": "2025-02-05T10:58:33.935Z",
        "dateReserved": "2024-10-14T12:05:24.915Z",
        "dateUpdated": "2025-02-22T21:00:55.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }