CVE-2024-45082 MEDIUM

CVE-2024-45082: IBM Cognos Analytics HTTP open redirection

Vendor Ibm

Product Cognos Analytics

Weakness CWE-601 · Open redirect

Published December 18, 2024

Last update December 18, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.

Key dates

02Disclosure timeline

December 18, 2024 CVE published

December 18, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45082

Related vulnerabilities

Identifiers

CVE CVE-2024-45082

CWE CWE-601

CVSS 6.8 / MEDIUM

Affected versions

Vendor Ibm

Product Cognos Analytics

Affected ≥ 11.2.0 and ≤ 11.2.4

Vendor Ibm

Product Cognos Analytics

Affected ≥ 12.0.0 and ≤ 12.0.3

CVE-2024-45082: IBM Cognos Analytics HTTP open redirection

01Description

02Disclosure timeline

03References

04Related CVE