CVE-2024-51466
9.0CRITICALIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to
Published: 12/20/2024Updated: 7/2/2025
Description
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
AI AnalysisPowered by AI
Affected Products
ibmcognos_analytics
ibmcognos_analytics
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
12.0.4
References
- https://www.ibm.com/support/pages/node/7179496PatchVendor Advisory