CNNVD-202506-3608 Information
CNNVD ID
CNNVD-202506-3608
Related CVE
- CNNVD Published: 2025-06-28
Description (Chinese)
IBM Cognos Analytics是美国国际商业机器(IBM)公司的一套商业智能软件。该软件包括报表、仪表板和记分卡等,并可通过分析关键因素与关键人等内容,协助企业调整决策。 IBM Cognos Analytics 11.2.0至12.2.4 Fix Pack 5版本和12.0.0至12.0.4版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致认证用户在Web UI中嵌入任意JavaScript代码。
Description (English)
IBM Cognos Analytics is a business intelligence software package for the United States International Business Machine (IBM). The software includes statements, dashboards and scorecards and can assist enterprises in adjusting their decision-making by analysing key factors and people. IBM Cognos Analytics 11.2.0 to 12.2.4 Fix Pack 5 and 12.0.0 to 12.0.4 have cross-site script holes, which originate from storage-type cross-site scripts and may result in the authentication user embedding any JavaScript code in Web UI.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-06-28
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7238163 https://access.redhat.com/security/cve/cve-2024-52900
Patch
https://www.ibm.com/support/pages/node/7238163
Share on: