PTA raises alarm over security vulnerabilities in IBM Cognos Analytics

IBM software versions affected by the vulnerabilities include IBM Cognos Analytics 11.2.0 to 11.2.4 and 12.0.0 to 12.0.2
An undated image. — iStock

In the wake of potential vulnerabilities in IBM Cognos Analytics, the Pakistan Telecommunication Authority (PTA) has issued a warning against using IBM software solutions.

According to the PTA advisory, the security loophole in IBM Cognos Analytics can be exploited by hackers seeking illicit access to users' personal data and organisations' confidential data.

IBM Cognos Analytics is widely used for data analysis and reporting, making these vulnerabilities a potential cyber threat to enterprises and public sector entities, according to ProPakistani.

Notable among the loopholes are cross-site scripting (XSS) attacks made possible by improper validation of column headings in the Cognos Assistant feature, and improper certificate verification in the IBM Planning Analytics Data Source Connection.

Hackers can use these weaknesses to run malicious commands and even impersonate trusted entities by altering communication between servers.

The affected versions are IBM Cognos Analytics 11.2.0 to 11.2.4 and 12.0.0 to 12.0.2. The attack vector mainly involves cross-site scripting (XSS), and the two key vulnerabilities are identified as CVE-2024-25041 and CVE-2024-25053. These weaknesses put systems at risk of data breaches and unauthorised access.

In its warning, the PTA advises organisations using IBM Cognos Analytics to take precautionary measures by consulting IBM's security advisory for patches, upgrades, or workaround solutions.

To avoid being caught off guard by such cyber threats, it's essential to keep systems and software updated with the latest security patches.