On June 21, 2024, NetApp issued an advisory regarding multiple vulnerabilities found in IBM Cognos Analytics, which is integrated into several NetApp products. The affected versions include IBM Cognos Analytics 12.0 through 12.0.2 and 11.2.0 through 11.2.4 FP2.
These vulnerabilities, tracked under various CVEs such as CVE-2023-44981 and CVE-2024-25047, pose significant risks, including sensitive information disclosure, unauthorized data modification, and Denial of Service (DoS) attacks.
IBM has addressed these vulnerabilities by upgrading or removing the affected open-source software components in the latest versions of Cognos Analytics. One critical vulnerability, CVE-2024-25047, could lead to injection attacks if left unpatched. Users are strongly encouraged to upgrade to the latest available versions to mitigate these risks and ensure their systems remain secure.
NetApp underscores the importance of this advisory as the authoritative source of current, accurate information regarding these vulnerabilities. Customers are advised to regularly check for updates to this advisory to stay informed about any new developments or additional remediation steps.
For those who want to stay updated, NetApp offers an email subscription service to notify users whenever new security advisories are posted or existing ones are updated. By subscribing, users can ensure they receive timely updates and take prompt action to protect their systems against these critical vulnerabilities.