CVE-2024-49352

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS

No CVSS.

References

Link	Resource
https://www.ibm.com/support/pages/node/7181480	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
	cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2::::::
	cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3::::::
	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4::::::
	cpe:2.3:a:ibm:cognos_analytics:12.0.4:-::::::
	cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1::::::

History

02 Jul 2025, 15:59

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1:::::: cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:::::: cpe:2.3:a:ibm:cognos_analytics:::::::: cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4:::::: cpe:2.3:a:ibm:cognos_analytics:12.0.4:-:::::: cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3:::::: cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:::::: cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
References	~~() https://www.ibm.com/support/pages/node/7181480 -~~	() https://www.ibm.com/support/pages/node/7181480 - Patch, Vendor Advisory
First Time		Ibm cognos Analytics Ibm
CWE	~~CWE-611~~
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : unknown

05 Feb 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-05 11:15

Updated : 2025-07-02 15:59

NVD link : CVE-2024-49352

Mitre link : CVE-2024-49352

JSON object : View

Products Affected

ibm

cognos_analytics

CWE

No CWE.

JSON object

Attach tags to CVE-2024-49352

Attach tags to `CVE-2024-49352`