← voltar
CVE-2024-25053

IBM Cognos Analytics improper certificate validation

CVSS 5.9 MEDIUMEPSS 0.3%CWE-295
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
28 jun 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
IBM · Cognos Analytics

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://exchange.xforce.ibmcloud.com/vulnerabilities/283364https://security.netapp.com/advisory/ntap-20241108-0002/https://www.ibm.com/support/pages/node/7156941