Vulnerability Monitor

CVE-2024-51466


IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 are vulnerable to Expression Language (EL) injection. A remote attacker could exploit this vulnerability with a specially crafted EL statement to expose sensitive information, consume memory resources, and/or cause the server to crash.


Published

2024-12-20T14:15:24.250

Last Modified

2025-07-02T15:58:56.447

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-917

Affected Vendors & Products
Type         Vendor  Product           Version/Range  Vulnerable?
Application  ibm     cognos_analytics  < 11.2.4       Yes
Application  ibm     cognos_analytics  < 12.0.4       Yes
Application  ibm     cognos_analytics  11.2.4         Yes
Application  ibm     cognos_analytics  11.2.4         Yes
Application  ibm     cognos_analytics  11.2.4         Yes
Application  ibm     cognos_analytics  11.2.4         Yes
Application  ibm     cognos_analytics  11.2.4         Yes
Application  ibm     cognos_analytics  12.0.4         Yes