PTA Issues Urgent Alert on IBM Cognos Analytics Vulnerabilities

PTA has issued an urgent cybersecurity advisory regarding critical vulnerabilities in IBM Cognos Analytics. These vulnerabilities could allow attackers to compromise affected systems, posing severe risks to enterprises and public sector organizations that depend on the software for data analysis and reporting. They include a cross-site scripting (XSS) flaw and improper certificate validation, both of which attackers can abuse to execute malicious commands or to impersonate trusted entities during communication between servers.

IBM Cognos Analytics is widely used in Pakistan and globally for business intelligence, making these vulnerabilities particularly concerning. The cross-site scripting flaw stems from inadequate validation of column headings in the Cognos Assistant feature, while the certificate validation issue is linked to weaknesses in the IBM Planning Analytics Data Source Connection. The vulnerabilities have been officially identified as CVE-2024-25041 and CVE-2024-25053, affecting software versions 11.2.0 to 11.2.4 and 12.0.0 to 12.0.2. Exploiting these flaws could lead to unauthorized access, arbitrary command execution, and exposure of sensitive data.

PTA has urged all organizations using IBM Cognos Analytics to act immediately by referring to IBM’s official security advisory for patches, upgrades, or workaround solutions. The authority emphasized the importance of keeping software and systems updated with the latest security patches to prevent exploitation. Organizations are also encouraged to monitor their networks for suspicious activity and report any incidents promptly to PTA through its Computer Emergency Response Team (CERT) portal or via email.

This advisory reflects PTA’s ongoing efforts to enhance cybersecurity in Pakistan and safeguard critical digital infrastructure. Addressing these vulnerabilities is vital to mitigate risks for organizations that rely on IBM Cognos Analytics for their operations. Ignoring these issues could result in severe consequences, including data breaches, financial losses, and reputational damage. PTA’s intervention aims to promote awareness and ensure swift action to secure systems against potential cyber threats.
