CVE-2024-25053 MEDIUM

CVE-2024-25053: IBM Cognos Analytics improper certificate validation

Vendor IBM
Product Cognos Analytics
Weakness CWE-295
Published June 28, 2024
Last update November 3, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.

Key dates

02 Disclosure timeline

June 28, 2024 CVE published
November 3, 2025 Record updated