
    208 vulnerabilities found for cognos_analytics by ibm

    CVE-2025-3633 (GCVE-0-2025-3633)

    Vulnerability from nvd – Published: 2026-05-27 12:17 – Updated: 2026-05-27 14:31
    Title
    IBM Cognos Analytics is affected by multiple security vulnerabilities
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:27:31.520327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:31:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:17:11.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versionsProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6IBM Cognos Analytics 11.2.4 Fix Pack 7IBM Cognos Analytics12.0.0 - 12.0.4 FP1IBM Cognos Analytics 12.0.4 Fix Pack 2IBM Cognos Analytics12.1.0 - 12.1.1 IF1IBM Cognos Analytics 12.1.2"
            }
          ],
          "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3633",
        "datePublished": "2026-05-27T12:17:11.519Z",
        "dateReserved": "2025-04-15T09:48:14.783Z",
        "dateUpdated": "2026-05-27T14:31:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36126 (GCVE-0-2025-36126)

    Vulnerability from nvd – Published: 2026-05-26 15:52 – Updated: 2026-05-27 17:20
    Title
    IBM Cognos Analytics is affected by Cross-site scripting.
    Summary
    IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 are vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:20:04.656302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:20:14.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:05:00.708Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6 IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262 IBM Cognos Analytics12.0.0 - 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268 IBM Cognos Analytics12.1.0 - 12.1.1 IF1 IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071"
            }
          ],
          "title": "IBM Cognos Analytics is affected by Cross-site scripting.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36126",
        "datePublished": "2026-05-26T15:52:49.002Z",
        "dateReserved": "2025-04-15T21:16:18.171Z",
        "dateUpdated": "2026-05-27T17:20:14.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52900 (GCVE-0-2024-52900)

    Vulnerability from nvd – Published: 2025-06-28 00:59 – Updated: 2025-08-24 11:37
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 [sic; the affected-version data in this record gives 11.2.0 through 11.2.4 FP5] and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7238163 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:37:13.283783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:37:28.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:37:56.523Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238163"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes:\u003cbr\u003eIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\u003cbr\u003eIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
                }
              ],
              "value": "Remediation/Fixes:\nIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\nIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52900",
        "datePublished": "2025-06-28T00:59:23.758Z",
        "dateReserved": "2024-11-17T14:25:57.178Z",
        "dateUpdated": "2025-08-24T11:37:56.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25032 (GCVE-0-2025-25032)

    Vulnerability from nvd – Published: 2025-06-11 17:26 – Updated: 2025-08-24 11:55
    Title
    IBM Cognos Analytics denial of service
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:48:46.362442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:48:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:55:03.503Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-25032",
        "datePublished": "2025-06-11T17:26:35.867Z",
        "dateReserved": "2025-01-31T16:27:15.748Z",
        "dateUpdated": "2025-08-24T11:55:03.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0923 (GCVE-0-2025-0923)

    Vulnerability from nvd – Published: 2025-06-11 17:28 – Updated: 2025-08-24 11:57
    VLAI
    Title
    IBM Cognos Analytics information disclosure
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:39:08.665255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:40:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:57:12.698Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0923",
        "datePublished": "2025-06-11T17:28:57.762Z",
        "dateReserved": "2025-01-31T01:57:18.370Z",
        "dateUpdated": "2025-08-24T11:57:12.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0917 (GCVE-0-2025-0917)

    Vulnerability from nvd – Published: 2025-06-11 17:27 – Updated: 2025-08-24 11:56
    VLAI
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:42:01.055858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:43:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:56:28.910Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0917",
        "datePublished": "2025-06-11T17:27:49.930Z",
        "dateReserved": "2025-01-30T23:58:48.707Z",
        "dateUpdated": "2025-08-24T11:56:28.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0823 (GCVE-0-2025-0823)

    Vulnerability from nvd – Published: 2025-02-28 02:31 – Updated: 2025-02-28 16:24
    VLAI
    Title
    IBM MQ path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:08.118966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:22.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:31:01.843Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0823",
        "datePublished": "2025-02-28T02:31:01.843Z",
        "dateReserved": "2025-01-29T02:06:49.318Z",
        "dateUpdated": "2025-02-28T16:24:22.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56340 (GCVE-0-2024-56340)

    Vulnerability from nvd – Published: 2025-02-28 02:32 – Updated: 2025-10-17 15:23
    VLAI
    Title
    IBM Cognos Analytics path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*
    Credits
    Mario Tesoro

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:02:17.372210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:07:52.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-10-17T15:23:28.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T16:15:40.732Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56340",
        "datePublished": "2025-02-28T02:32:30.345Z",
        "dateReserved": "2024-12-20T13:55:07.212Z",
        "dateUpdated": "2025-10-17T15:23:28.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49352 (GCVE-0-2024-49352)

    Vulnerability from nvd – Published: 2025-02-05 10:58 – Updated: 2025-02-22 21:00
    VLAI
    Title
    IBM Cognos Analytics XML external entity injection
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:14:37.197807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:51:30.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T21:00:55.875Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181480"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49352",
        "datePublished": "2025-02-05T10:58:33.935Z",
        "dateReserved": "2024-10-14T12:05:24.915Z",
        "dateUpdated": "2025-02-22T21:00:55.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38009 (GCVE-0-2023-38009)

    Vulnerability from nvd – Published: 2025-01-26 15:57 – Updated: 2025-01-27 14:52
    VLAI
    Title
    IBM Cognos Analytics Mobile information disclosure
    Summary
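    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man-in-the-middle techniques due to the lack of certificate pinning. The description names only iOS, but the affected-product list in this record covers both the iOS and Android builds of version 1.1.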
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:39:38.494450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:52:09.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
                }
              ],
              "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-26T15:57:42.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172691"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172692"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38009",
        "datePublished": "2025-01-26T15:57:42.477Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2025-01-27T14:52:09.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51466 (GCVE-0-2024-51466)

    Vulnerability from nvd – Published: 2024-12-20 13:38 – Updated: 2024-12-20 15:43
    VLAI
    Title
    IBM Cognos Analytics expression language injection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T15:43:09.716633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T15:43:29.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-20T13:38:55.895Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7179496"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics expression language injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51466",
        "datePublished": "2024-12-20T13:38:55.895Z",
        "dateReserved": "2024-10-28T10:50:10.475Z",
        "dateUpdated": "2024-12-20T15:43:29.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40695 (GCVE-0-2024-40695)

    Vulnerability from nvd – Published: 2024-12-20 13:41 – Updated: 2024-12-20 15:42
    VLAI
    Title
    IBM Cognos Analytics file upload
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload because the content of files uploaded to the web interface is not validated. Attackers can exploit this weakness to upload malicious executable files to the system, which can then be sent to a victim to carry out further attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T15:41:48.274181Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T15:42:12.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\n\n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-20T13:41:00.327Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179496"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics file upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-40695",
        "datePublished": "2024-12-20T13:41:00.327Z",
        "dateReserved": "2024-07-08T19:31:03.052Z",
        "dateUpdated": "2024-12-20T15:42:12.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45082 (GCVE-0-2024-45082)

    Vulnerability from nvd – Published: 2024-12-18 16:15 – Updated: 2024-12-18 19:36
    VLAI
    Title
    IBM Cognos Analytics HTTP open redirection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45082",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:35:56.748146Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:36:15.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:15:12.666Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177223"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics HTTP open redirection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45082",
        "datePublished": "2024-12-18T16:15:12.666Z",
        "dateReserved": "2024-08-21T19:11:05.063Z",
        "dateUpdated": "2024-12-18T19:36:15.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41752 (GCVE-0-2024-41752)

    Vulnerability from nvd – Published: 2024-12-18 16:07 – Updated: 2024-12-18 19:37
    VLAI
    Title
    IBM Cognos Analytics HTML injection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:36:51.734065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:37:04.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:07:14.012Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177223"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41752",
        "datePublished": "2024-12-18T16:07:14.012Z",
        "dateReserved": "2024-07-22T12:02:37.814Z",
        "dateUpdated": "2024-12-18T19:37:04.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25042 (GCVE-0-2024-25042)

    Vulnerability from nvd – Published: 2024-12-18 16:20 – Updated: 2024-12-18 19:34
    VLAI
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:34:20.464608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:34:34.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\n\nis potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:20:06.155Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7173592"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25042",
        "datePublished": "2024-12-18T16:20:06.155Z",
        "dateReserved": "2024-02-03T14:49:33.093Z",
        "dateUpdated": "2024-12-18T19:34:34.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3633 (GCVE-0-2025-3633)

    Vulnerability from cvelistv5 – Published: 2026-05-27 12:17 – Updated: 2026-05-27 14:31
    VLAI
    Title
    IBM Cognos Analytics is affected by multiple security vulnerabilities
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:27:31.520327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:31:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:17:11.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s) | Version(s) number and/or range | Remediation/Fix/Instructions\nIBM Cognos Analytics | 11.2.0 - 11.2.4 FP6 | IBM Cognos Analytics 11.2.4 Fix Pack 7\nIBM Cognos Analytics | 12.0.0 - 12.0.4 FP1 | IBM Cognos Analytics 12.0.4 Fix Pack 2\nIBM Cognos Analytics | 12.1.0 - 12.1.1 IF1 | IBM Cognos Analytics 12.1.2"
            }
          ],
          "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3633",
        "datePublished": "2026-05-27T12:17:11.519Z",
        "dateReserved": "2025-04-15T09:48:14.783Z",
        "dateUpdated": "2026-05-27T14:31:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36126 (GCVE-0-2025-36126)

    Vulnerability from cvelistv5 – Published: 2026-05-26 15:52 – Updated: 2026-05-27 17:20
    VLAI
    Title
    IBM Cognos Analytics is affected by Cross-site scripting.
    Summary
    IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 are vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272628 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 12.0
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*
    IBM Cognos Transformer Affected: 12.0
    Affected: 11.2.4
    Affected: 12.1.0
        cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:20:04.656302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:20:14.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
              ],
              "product": "Cognos Transformer",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:05:00.708Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s) | Version(s) number and/or range | Remediation/Fix/Instructions\nIBM Cognos Analytics | 11.2.0 - 11.2.4 FP6 | IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262\nIBM Cognos Analytics | 12.0.0 - 12.0.4 FP1 | IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268\nIBM Cognos Analytics | 12.1.0 - 12.1.1 IF1 | IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071"
            }
          ],
          "title": "IBM Cognos Analytics is affected by Cross-site scripting.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36126",
        "datePublished": "2026-05-26T15:52:49.002Z",
        "dateReserved": "2025-04-15T21:16:18.171Z",
        "dateUpdated": "2026-05-27T17:20:14.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52900 (GCVE-0-2024-52900)

    Vulnerability from cvelistv5 – Published: 2025-06-28 00:59 – Updated: 2025-08-24 11:37
    VLAI
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
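    IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Note: the affected-version data in this record bounds the first range at 11.2.4 FP5, so "12.2.4" in this summary appears to be a typo for "11.2.4"; confirm the range against the vendor advisory before scoping remediation.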
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7238163 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:37:13.283783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:37:28.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fix_pack5:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:37:56.523Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238163"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes:\u003cbr\u003eIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\u003cbr\u003eIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
                }
              ],
              "value": "Remediation/Fixes:\nIBM Cognos Analytics  12.0.0 - 12.0.4  12.0.4 FP1  IBM Cognos Analytics 12.0.4 FP1\nIBM Cognos Analytics  11.2.0 - 11.2.4 IF5  11.2.4 FP6  IBM Cognos Analytics 11.2.4 Fix Pack 6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52900",
        "datePublished": "2025-06-28T00:59:23.758Z",
        "dateReserved": "2024-11-17T14:25:57.178Z",
        "dateUpdated": "2025-08-24T11:37:56.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0923 (GCVE-0-2025-0923)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:28 – Updated: 2025-08-24 11:57
    VLAI
    Title
    IBM Cognos Analytics information disclosure
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:39:08.665255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:40:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:57:12.698Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0923",
        "datePublished": "2025-06-11T17:28:57.762Z",
        "dateReserved": "2025-01-31T01:57:18.370Z",
        "dateUpdated": "2025-08-24T11:57:12.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0917 (GCVE-0-2025-0917)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:27 – Updated: 2025-08-24 11:56
    VLAI
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:42:01.055858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:43:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:56:28.910Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0917",
        "datePublished": "2025-06-11T17:27:49.930Z",
        "dateReserved": "2025-01-30T23:58:48.707Z",
        "dateUpdated": "2025-08-24T11:56:28.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25032 (GCVE-0-2025-25032)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:26 – Updated: 2025-08-24 11:55
    VLAI
    Title
    IBM Cognos Analytics denial of service
    Summary
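    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. Note that the CVSS vector in this record specifies PR:N (no privileges required), which does not match "authenticated user"; confirm the access requirement against the vendor advisory before using either value for prioritisation.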
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234674 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.4
    Affected: 12.0.0
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.4
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:48:46.362442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:48:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:55:03.503Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234674"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
                }
              ],
              "value": "IBM Cognos Analytics  12.0.4 FP1  IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics  11.2.4 IF4  IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-25032",
        "datePublished": "2025-06-11T17:26:35.867Z",
        "dateReserved": "2025-01-31T16:27:15.748Z",
        "dateUpdated": "2025-08-24T11:55:03.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56340 (GCVE-0-2024-56340)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:32 – Updated: 2025-10-17 15:23
    VLAI
    Title
    IBM Cognos Analytics path traversal
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*
    Credits
    Mario Tesoro

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:02:17.372210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:07:52.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-10-17T15:23:28.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T16:15:40.732Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56340",
        "datePublished": "2025-02-28T02:32:30.345Z",
        "dateReserved": "2024-12-20T13:55:07.212Z",
        "dateUpdated": "2025-10-17T15:23:28.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0823 (GCVE-0-2025-0823)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:31 – Updated: 2025-02-28 16:24
    VLAI
    Title
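    IBM MQ path traversal (title as published; the summary and affected-product data in this record name IBM Cognos Analytics, not IBM MQ)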
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 FP5 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:08.118966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:22.680Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4 FP5",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:31:01.843Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183676"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0823",
        "datePublished": "2025-02-28T02:31:01.843Z",
        "dateReserved": "2025-01-29T02:06:49.318Z",
        "dateUpdated": "2025-02-28T16:24:22.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49352 (GCVE-0-2024-49352)

    Vulnerability from cvelistv5 – Published: 2025-02-05 10:58 – Updated: 2025-02-22 21:00
    VLAI
    Title
    IBM Cognos Analytics XML external entity injection
    Summary
    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:14:37.197807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:51:30.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-22T21:00:55.875Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181480"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49352",
        "datePublished": "2025-02-05T10:58:33.935Z",
        "dateReserved": "2024-10-14T12:05:24.915Z",
        "dateUpdated": "2025-02-22T21:00:55.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38009 (GCVE-0-2023-38009)

    Vulnerability from cvelistv5 – Published: 2025-01-26 15:57 – Updated: 2025-01-27 14:52
    Title
    IBM Cognos Analytics Mobile information disclosure
    Summary
    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man-in-the-middle techniques due to the lack of certificate pinning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:39:38.494450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:52:09.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
                }
              ],
              "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-26T15:57:42.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172691"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172692"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38009",
        "datePublished": "2025-01-26T15:57:42.477Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2025-01-27T14:52:09.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40695 (GCVE-0-2024-40695)

    Vulnerability from cvelistv5 – Published: 2024-12-20 13:41 – Updated: 2024-12-20 15:42
    Title
    IBM Cognos Analytics file upload
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload because the content of files uploaded to the web interface is not validated. Attackers can use this weakness to upload malicious executable files to the system, which can then be sent to a victim to carry out further attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T15:41:48.274181Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T15:42:12.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\n\n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-20T13:41:00.327Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179496"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics file upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-40695",
        "datePublished": "2024-12-20T13:41:00.327Z",
        "dateReserved": "2024-07-08T19:31:03.052Z",
        "dateUpdated": "2024-12-20T15:42:12.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51466 (GCVE-0-2024-51466)

    Vulnerability from cvelistv5 – Published: 2024-12-20 13:38 – Updated: 2024-12-20 15:43
    Title
    IBM Cognos Analytics expression language injection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 are vulnerable to Expression Language (EL) injection. A remote attacker could use a specially crafted EL statement to expose sensitive information, consume memory resources, and/or cause the server to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.4 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T15:43:09.716633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T15:43:29.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-20T13:38:55.895Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7179496"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics expression language injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51466",
        "datePublished": "2024-12-20T13:38:55.895Z",
        "dateReserved": "2024-10-28T10:50:10.475Z",
        "dateUpdated": "2024-12-20T15:43:29.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25042 (GCVE-0-2024-25042)

    Vulnerability from cvelistv5 – Published: 2024-12-18 16:20 – Updated: 2024-12-18 19:34
    Title
    IBM Cognos Analytics cross-site scripting
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 are potentially vulnerable to cross-site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:34:20.464608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:34:34.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\n\nis potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:20:06.155Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7173592"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25042",
        "datePublished": "2024-12-18T16:20:06.155Z",
        "dateReserved": "2024-02-03T14:49:33.093Z",
        "dateUpdated": "2024-12-18T19:34:34.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45082 (GCVE-0-2024-45082)

    Vulnerability from cvelistv5 – Published: 2024-12-18 16:15 – Updated: 2024-12-18 19:36
    Title
    IBM Cognos Analytics HTTP open redirection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45082",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:35:56.748146Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:36:15.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:15:12.666Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177223"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics HTTP open redirection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45082",
        "datePublished": "2024-12-18T16:15:12.666Z",
        "dateReserved": "2024-08-21T19:11:05.063Z",
        "dateUpdated": "2024-12-18T19:36:15.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41752 (GCVE-0-2024-41752)

    Vulnerability from cvelistv5 – Published: 2024-12-18 16:07 – Updated: 2024-12-18 19:37
    VLAI
    Title
    IBM Cognos Analytics HTML injection
    Summary
    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    https://www.ibm.com/support/pages/node/7177223 (vendor-advisory)
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Affected: 11.2.0 , ≤ 11.2.4 (semver)
    Affected: 12.0.0 , ≤ 12.0.3 (semver)
        cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T19:36:51.734065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T19:37:04.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cognos Analytics",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.2.4",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.3",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T16:07:14.012Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177223"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41752",
        "datePublished": "2024-12-18T16:07:14.012Z",
        "dateReserved": "2024-07-22T12:02:37.814Z",
        "dateUpdated": "2024-12-18T19:37:04.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }