Cyber Posture

CVE-2024-49352

High

Published: 05 February 2025
Modified: 02 July 2025
KEV Added: not listed
Patch: vendor fix available (see the IBM advisory referenced below)
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
EPSS Score: 0.0020 (41.2nd percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-49352 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in IBM Cognos Analytics. Its CVSS v3.1 base score is 7.1 (High): network-reachable, low attack complexity, low privileges required, no user interaction, high confidentiality impact, no integrity impact, low availability impact.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score of 0.0020 places this CVE at the 41.2nd percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog. The low EPSS should not be read as "no exposure": the vector requires only a low-privileged account (PR:L), so any user who can authenticate to an affected Cognos instance is a potential exploiter.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation), alongside applying the vendor fix.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- Vendor patching (prevent): directly remediates the XXE vulnerability by identifying, reporting, and applying the vendor fixes for affected IBM Cognos Analytics versions.
- SI-10 Information Input Validation (prevent): validates XML inputs during processing to detect and reject external entities, preventing both sensitive information disclosure and memory exhaustion.
- CM-6 Configuration Settings (prevent): enforces secure configuration settings on the XML parsers within IBM Cognos Analytics so that external entity resolution and DTD processing are disabled.

For a packaged product the parser configuration ships with the vendor's code, so in practice CM-6 and SI-10 are delivered by applying IBM's fix. Until the fix is applied, limit which accounts can reach the product's XML-processing interfaces, since the vector requires only low privileges (PR:L).
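The following Python script is an added example, not IBM's code and not code from this page, showing the two parser-side controls above in a form a practitioner can run offline: a lexical pre-screen that refuses any document carrying a DOCTYPE or ENTITY declaration (the SI-10 idea), and an expat parser configured to abort on DOCTYPE, entity declarations and external entity references before any expansion happens (the CM-6 idea). For contrast it also feeds a small entity-expansion document to a default expat parser and returns the expanded character count, which is the amplification an attacker gets from an unhardened parser. All function names and the three XML payloads are my own constructed samples; nothing here reflects how Cognos Analytics parses XML internally.

```python
"""XXE / entity-expansion defences for untrusted XML (added example, stdlib only).

The payloads below are constructed samples, not captures from any product.
"""
import re
from xml.parsers import expat

# Constructed sample inputs.
BENIGN = b'<?xml version="1.0"?><report><row id="1">ok</row><row id="2">fine</row></report>'

# Classic XXE: an external general entity pointing at a local file.
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE report [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
    b'<report><row>&xxe;</row></report>'
)

# Small "billion laughs": 10 x 10 x 10 = 1000 copies of "lol" from ~400 bytes of input.
BILLION_LAUGHS = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE lolz [\n'
    b' <!ENTITY lol "lol">\n'
    b' <!ENTITY lol1 "' + b'&lol;' * 10 + b'">\n'
    b' <!ENTITY lol2 "' + b'&lol1;' * 10 + b'">\n'
    b' <!ENTITY lol3 "' + b'&lol2;' * 10 + b'">\n'
    b']>\n'
    b'<lolz>&lol3;</lolz>'
)


class UnsafeXMLError(ValueError):
    """Raised when a document declares a DTD or entity, or references an external entity."""


# SI-10-style screen: refuse anything that even looks like a DTD. This is a cheap front
# gate only (it works on raw bytes and would miss, e.g., UTF-16 encoded input); the
# parser handlers below are the authoritative check.
_DTD_MARKER = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def looks_like_dtd(data: bytes) -> bool:
    return _DTD_MARKER.search(data) is not None


def _hardened_parser() -> expat.XMLParserType:
    """CM-6-style hardening: abort on DOCTYPE, entity declarations and external refs.

    An exception raised inside an expat handler propagates out of Parse(), so the
    document is rejected at the declaration, before a single entity is expanded."""
    p = expat.ParserCreate()
    p.buffer_text = True

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} not allowed in untrusted XML")

    def reject_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration {name!r} not allowed")

    def reject_external_ref(context, base, sysid, pubid):
        raise UnsafeXMLError(f"external entity reference to {sysid!r} refused")

    p.StartDoctypeDeclHandler = reject_doctype
    p.EntityDeclHandler = reject_entity_decl
    p.ExternalEntityRefHandler = reject_external_ref
    return p


def parse_untrusted_xml(data: bytes, screen: bool = True) -> dict:
    """Parse with the hardened parser; returns a flat summary of what was seen."""
    if screen and looks_like_dtd(data):
        raise UnsafeXMLError("DTD markers found in input")
    tags, text = [], []
    p = _hardened_parser()
    p.StartElementHandler = lambda name, attrs: tags.append(name)
    p.CharacterDataHandler = text.append
    p.Parse(data, True)
    return {"root": tags[0] if tags else None, "tags": tags, "text": "".join(text)}


def is_rejected(data: bytes, screen: bool = True) -> bool:
    """True if the hardened path refuses the document (with or without the pre-screen)."""
    try:
        parse_untrusted_xml(data, screen=screen)
    except UnsafeXMLError:
        return True
    return False


def expand_with_default_parser(data: bytes) -> int:
    """Unsafe baseline: a default expat parser expands internal entities. Returns the
    number of characters delivered, i.e. the amplification the attacker achieved."""
    text = []
    p = expat.ParserCreate()
    p.CharacterDataHandler = text.append
    p.Parse(data, True)
    return sum(len(t) for t in text)


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))
    print("xxe rejected:", is_rejected(XXE_PAYLOAD, screen=False))
    print("laughs rejected:", is_rejected(BILLION_LAUGHS, screen=False))
    print("default parser expanded to", expand_with_default_parser(BILLION_LAUGHS), "chars")
```

The pre-screen and the parser handlers are deliberately redundant: the regex is cheap and good for logging and early rejection at a gateway, but only the parser-level rejection is encoding-aware, which is why is_rejected is also exercised with the screen switched off.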

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The XXE flaw in a network-reachable IBM Cognos Analytics instance lets a remote, low-privileged attacker exploit a public-facing application for sensitive data disclosure or denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Deeper analysis

IBM Cognos Analytics versions 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 are affected by CVE-2024-49352, an XML External Entity Injection (XXE) vulnerability classified under CWE-611. The flaw is triggered when the product parses attacker-supplied XML. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L): high confidentiality impact, no integrity impact, and low availability impact.

A remote attacker holding a low-privileged account (PR:L) can exploit the flaw over the network with low complexity and no user interaction. Successful exploitation lets the attacker read sensitive information from the server (the external-entity disclosure case) or consume memory (the entity-expansion case), causing a denial-of-service condition.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7181480 providing details on the vulnerability, affected versions, and recommended mitigation steps, including available patches.

Details

CWE(s): CWE-611 Improper Restriction of XML External Entity Reference

Affected Products: IBM Cognos Analytics 11.2.0 through 11.2.4, and 12.0.0 through 12.0.4

CVEs Like This One

CVE-2024-56340 (same product: IBM Cognos Analytics)
CVE-2025-0162 (same vendor: IBM)
CVE-2026-1567 (same vendor: IBM)
CVE-2025-12531 (same vendor: IBM)
CVE-2025-3320 (same vendor: IBM)
CVE-2025-3354 (same vendor: IBM)
CVE-2023-49886 (same vendor: IBM)
CVE-2025-0160 (same vendor: IBM)
CVE-2025-36247 (same vendor: IBM)
CVE-2026-4101 (same vendor: IBM)

References

IBM security bulletin for CVE-2024-49352: https://www.ibm.com/support/pages/node/7181480
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-49352