CVE-2024-25053
MEDIUMIBM Cognos Analytics <12.0.2 - Improper Certificate Validation
Title source: llmDescription
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
References (3)
Core 3
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20241108-0002/
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7156941
VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/283364
Scores
CVSS v3
5.9
EPSS
0.0008
EPSS Percentile
23.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (8)
ibm/cognos_analytics
11.2.0
ibm/cognos_analytics
11.2.1
ibm/cognos_analytics
11.2.2
ibm/cognos_analytics
11.2.3
ibm/cognos_analytics
11.2.4
ibm/cognos_analytics
12.0.0
ibm/cognos_analytics
12.0.1
ibm/cognos_analytics
12.0.2
Published
Jun 28, 2024
Tracked Since
Feb 18, 2026