IBM Cognos Analytics: Attackers can upload malicious code
Security updates close gaps in IBM Cognos Analytics. One vulnerability is considered critical.
IBM's business data visualization solution Cognos Analytics is vulnerable. Attackers can use two vulnerabilities to attack systems. Security patches are available for download.
In an article, the developers explain that versions 11.2.0 up to and including 11.2.4 FP4 and 12.0.0 up to and including 12.0.4 are affected. The security updates 11.2.4 FP5 and 12.0.4 Interim Fix 1 provide a remedy.
Updates close gaps
Remote attackers could exploit the "critical" vulnerability (CVE-2024-51466) with a crafted Expression Language statement. They can then access sensitive information. Crashes can also occur.
The second vulnerability (CVE-2024-40695, rated "high") affects the upload function. Because data is not sufficiently checked before uploading, attackers can upload executable files with malicious code to compromise systems.
There are no reports of attacks yet. However, admins should not delay too long before installing a secure version.
(des)