CVE-2020-4302

HIGH

IBM Cognos Analytics <11.1 - RCE

Title source: llm

Description

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6346922

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/176610

Scores

CVSS v3 7.8

EPSS 0.0137

EPSS Percentile 80.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (2)

ibm/cognos_analytics 11.0.13 (3 CPE variants)

ibm/cognos_analytics 11.0.0 - 11.0.13

Published Oct 12, 2020

Tracked Since Feb 18, 2026