CVSS: 8.0EPSS: %CPEs: 2EXPL: 0CVE-2024-40695 – IBM Cognos Analytics file upload
https://notcve.org/view.php?id=CVE-2024-40695
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. • https://www.ibm.com/support/pages/node/7179496 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: %CPEs: 2EXPL: 0CVE-2024-51466 – IBM Cognos Analytics expression language injection
https://notcve.org/view.php?id=CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. • https://www.ibm.com/support/pages/node/7179496 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25042 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-25042
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. • https://www.ibm.com/support/pages/node/7173592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45082 – IBM Cognos Analytics HTTP open redirection
https://notcve.org/view.php?id=CVE-2024-45082
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. • https://www.ibm.com/support/pages/node/7177223 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41752 – IBM Cognos Analytics HTML injection
https://notcve.org/view.php?id=CVE-2024-41752
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7177223 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •