Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-51466

CVE-2024-51466

CRITICAL9.0

IBM Cognos Analytics expression language injection

Published Dec 20, 2024

Modified 1 years ago

Details

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and

12.0.0 through 12.0.4

is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.

References

https://www.cve.org/CVERecord?id=CVE-2024-51466

https://www.ibm.com/support/pages/node/7179496

CVSS Analysis

CVSS v3.1

9.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

Injection

Expression Language Injection

Ecosystems

Timeline

PublishedDec 20, 2024

ModifiedDec 20, 2024

CVE-2024-51466 | Mondoo Vulnerability Intelligence