Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25053

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.

Published

2024-06-28T19:15:04.933

Last Modified

2025-11-03T22:16:47.543

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cognos_analytics	11.2.0	Yes
Application	ibm	cognos_analytics	11.2.1	Yes
Application	ibm	cognos_analytics	11.2.2	Yes
Application	ibm	cognos_analytics	11.2.3	Yes
Application	ibm	cognos_analytics	11.2.4	Yes
Application	ibm	cognos_analytics	12.0.0	Yes
Application	ibm	cognos_analytics	12.0.1	Yes
Application	ibm	cognos_analytics	12.0.2	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/283364 VDB Entry ([email protected])
https://www.ibm.com/support/pages/node/7156941 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/283364 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241108-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7156941 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)