Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-202
Posted: Wed May 07, 2025 1:36 pm
IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2024-40695) and an Expression Language (EL) Injection which could allow a remote attacker to exploit to expose sensitive information and consume resources (CVE-2024-51466).
https://www.ibm.com/support/pages/secur ... 2024-51466
https://www.ibm.com/support/pages/secur ... 2024-51466