IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
History

Wed, 18 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 16:30:00 +0000

Type Values Removed Values Added
Description IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Title IBM Cognos Analytics HTML injection
First Time appeared Ibm
Ibm cognos Analytics
Weaknesses CWE-80
CPEs cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm cognos Analytics
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-12-18T16:07:14.012Z

Updated: 2024-12-18T19:37:04.686Z

Reserved: 2024-07-22T12:02:37.814Z

Link: CVE-2024-41752

cve-icon Vulnrichment

Updated: 2024-12-18T19:37:00.210Z

cve-icon NVD

Status : Received

Published: 2024-12-18T17:15:13.223

Modified: 2024-12-18T17:15:13.223

Link: CVE-2024-41752

cve-icon Redhat

No data.