Primary

Context

IBM Cognos Analytics Directory Traversal Vulnerability Allowing Arbitrary File Access

Vulnerability

Patched

A directory traversal vulnerability has been identified in IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4. This vulnerability could allow a remote attacker to traverse directories on the system by sending a specially crafted URL request that includes 'dot dot' sequences. Exploitation of this vulnerability could lead to unauthorized access to arbitrary files on the system.

Impact

Exploitation of this vulnerability could result in local file inclusion, allowing an attacker to access sensitive files on the system.

Remediation

Users are advised to upgrade to IBM Cognos Analytics 12.0.4 IF2 or 11.2.4 IF4.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Cognos Analytics Directory Traversal Vulnerability Allowing Arbitrary File Access

Vulnerability

Impact

Remediation

Affected Products

IBM Cognos Analytics

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating