Summary
Detail | |||
---|---|---|---|
Vendor | IBM | First view | 2024-06-28 |
Product | Cognos Analytics | Last view | 2025-06-11 |
Version | 11.2.4 | Type | Application |
Update | fixpack3 | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ibm:cognos_analytics |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2025-06-11 | CVE-2025-25032 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. |
5.3 | 2025-06-11 | CVE-2025-0923 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. |
4.8 | 2025-06-11 | CVE-2025-0917 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
5.2 | 2024-12-18 | CVE-2024-45082 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. |
6.1 | 2024-12-18 | CVE-2024-41752 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
6.1 | 2024-12-18 | CVE-2024-25042 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. |
5.5 | 2024-09-22 | CVE-2024-40703 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. |
5.4 | 2024-06-28 | CVE-2024-25041 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
42% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
14% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
14% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
14% (1) | CWE-540 | Information Leak Through Source Code |
14% (1) | CWE-522 | Insufficiently Protected Credentials |