{"cve":{"cve_id":"CVE-2024-25047","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00643,"epss_percentile":0.46037,"epss_as_of":"2026-06-23","description":"IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system.  IBM X-Force ID:  282956.","published_at":"2024-05-02T20:09:21.479000Z","last_modified_at":null,"cvss_v3_score":8.6,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-117"],"nvd_references":["https://www.ibm.com/support/pages/node/7149874","https://exchange.xforce.ibmcloud.com/vulnerabilities/282956","https://security.netapp.com/advisory/ntap-20240621-0007/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:53:22.351451Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"cognos-analytics","product_name":"cognos_analytics","version_start":"11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2","version_start_inclusive":true,"version_end":"11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:cognos-analytics:11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2:11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.ibm.com/support/pages/node/7149874","source_type":"MISC","tags":[]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/282956","source_type":"MISC","tags":[]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0007/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-05-02T20:09:21.479000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:34:24.967237Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:24.967237Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:24.967237Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:53:22.351451Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:53:22.351451Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:53:22.351451Z","label":"SSVC decision revised","source":"vulnrichment"}]}