CVE-2024-51466
CRITICALDescription
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
Is your site exposed to CVE-2024-51466?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
| ibm | cognos_analytics |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-51466? +
How severe is CVE-2024-51466? +
What products are affected by CVE-2024-51466? +
How do I check if I'm vulnerable to CVE-2024-51466? +
Related Vulnerabilities
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications …
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when …
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but …
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code …
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software …