Islamabad, Dec 30: The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory warning about multiple vulnerabilities found in IBM Cognos Analytics. These vulnerabilities could be exploited by attackers to compromise systems, making the issue particularly concerning for enterprises and public sector entities that rely on the software for data analysis and reporting.
The cross-site scripting (XSS) vulnerabilities are caused by inadequate validation of column headings in the Cognos Assistant feature. XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data breaches.
A further vulnerability exists in the IBM Planning Analytics Data Source Connection, where attackers could manipulate communication between servers and impersonate trusted entities, potentially gaining access to sensitive data.
Affected Versions:
The following versions of IBM Cognos Analytics are affected:
- IBM Cognos Analytics 11.2.0 to 11.2.4
- IBM Cognos Analytics 12.0.0 to 12.0.2
The vulnerabilities are tracked as CVE-2024-25041 and CVE-2024-25053 and pose significant risks, including unauthorized access and potential data breaches.
PTA urges organizations using affected versions of IBM Cognos Analytics to take immediate action by following IBM’s security advisory, which provides details on patches, upgrades, or workarounds. Regularly updating systems with the latest security patches is essential to protect against known vulnerabilities.
Organizations are also encouraged to monitor for suspicious activities and report any incidents to PTA through its CERT portal or via email.
This advisory is part of PTA’s ongoing efforts to enhance cybersecurity in Pakistan and protect critical infrastructure. If left unaddressed, these vulnerabilities could lead to severe consequences, including financial losses and reputational damage.