PTA Warns of Critical Security Flaw in IBM Cognos Analytics

The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory highlighting multiple vulnerabilities in IBM Cognos Analytics, which could be exploited by attackers to compromise systems.

IBM Cognos Analytics is widely used for data analysis and reporting, making the vulnerabilities particularly concerning for enterprises and public sector entities.

The vulnerabilities include cross-site scripting (XSS), caused by inadequate validation of column headings in the Cognos Assistant feature, and improper certificate validation in the IBM Planning Analytics Data Source Connection. These weaknesses could enable remote attackers to execute malicious commands or impersonate trusted entities by manipulating communication between servers.

Affected Versions

According to the advisory, affected software versions include IBM Cognos Analytics 11.2.0 to 11.2.4 and 12.0.0 to 12.0.2. The attack vector primarily involves cross-site scripting (XSS), with two key vulnerabilities identified as CVE-2024-25041 and CVE-2024-25053. These vulnerabilities expose systems to significant risks, including unauthorized access and potential data breaches.

PTA has urged organizations using IBM Cognos Analytics to take immediate action by referring to IBM’s security advisory for patches, upgrades, or workaround solutions. Keeping systems and software up-to-date with the latest security patches is strongly recommended to prevent the exploitation of known vulnerabilities. Organizations are also encouraged to monitor for any suspicious activities and report incidents promptly to PTA through its CERT portal or via email.

According to the PTA, the advisory is part of its ongoing efforts to strengthen cybersecurity in Pakistan and safeguard critical infrastructure. By addressing these vulnerabilities, PTA aims to mitigate the risks posed to organizations that rely on IBM Cognos Analytics for data and business intelligence operations. Failure to address these issues could lead to severe consequences, including financial losses and reputational damage.
