IBM has released a security bulletin warning about two high-severity vulnerabilities in its Cognos Analytics platform that could lead to unauthorized file uploads and data exposure. Organizations are urged to update their software immediately to mitigate these risks.
Key points:
- Two vulnerabilities have been identified in IBM Cognos Analytics: CVE-2024-40695 (malicious file upload) and CVE-2024-51466 (Expression Language injection).
- CVE-2024-40695 allows attackers to upload malicious files due to improper validation, affecting versions 12.0.0–12.0.4 and 11.2.0–11.2.4 FP4.
- CVE-2024-51466 enables remote code injection through Expression Language, potentially causing server crashes and data leaks; it affects the same versions.
- Both vulnerabilities pose high to critical risks, with CVSS scores of 8.0 and 9.0 respectively.
- IBM recommends immediately updating Cognos Analytics to the latest patched versions: 12.0.4 FP1 and 11.2.4 FP5, as no workarounds are available.
- The flaws threaten the confidentiality, integrity, and availability of enterprise analytics data and systems.
- Prompt action is essential to protect systems from exploitation and minimize potential damage.
Read More: https://gbhackers.com/ibm-cognos-analytics-security-vulnerability/