CVE-2024-25053

June 28, 2024, 7:15 p.m.

5.9
Medium

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.

Product(s) Impacted

Product Versions
IBM Cognos Analytics
  • 11.2.0
  • 11.2.1
  • 11.2.2
  • 11.2.3
  • 11.2.4
  • 12.0.0
  • 12.0.1
  • 12.0.2

Weaknesses

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/283364
https://www.ibm.com/support/pages/node/7156941

Tags

psirt@us.ibm.com
CWE-295
2024-06-28
CVE-2024-25053

CVSS Score

5.9 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Date

  • Published: June 28, 2024, 7:15 p.m.
  • Last Modified: June 28, 2024, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@us.ibm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.