PTA Highlights Severe Security Risk in IBM Cognos Analytics

ISLAMABAD: The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory highlighting critical vulnerabilities in IBM Cognos Analytics. These flaws pose a serious threat, potentially allowing attackers to gain unauthorized access to systems. This warning is particularly concerning for businesses and government agencies relying on the software for data analysis and reporting, emphasizing the urgent need for security measures.

IBM® Cognos Analytics is a business intelligence solution that manages and analyses data. Users can prepare, explore, and share data using the self-service capabilities. Cognos Analytics encompasses numeric intelligence (NA) methods for prediction, description, and exploration.

These issues arise from insufficient validation of column titles in the Cognos Assistant feature. Because of the resulting cross-site scripting (XSS) vulnerabilities, an attacker could inject malicious scripts into web pages viewed by other users, possibly causing data breaches or unauthorized actions.

There is a security hole in the IBM Planning Analytics Data Source Connection that could allow malicious actors to impersonate trusted entities, alter server traffic, and obtain sensitive data.

Affected Software Versions:

This issue affects the following versions of IBM Cognos Analytics:

  • IBM Cognos Analytics 11.2.0 to 11.2.4
  • IBM Cognos Analytics 12.0.0 to 12.0.2

The vulnerabilities, tracked as CVE-2024-25041 and CVE-2024-25053, pose serious threats, including unauthorized access and possible data breaches.

IBM’s security advisory outlines patches, upgrades, and workarounds. PTA advises organizations running affected versions of IBM Cognos Analytics to take urgent action in response to this warning. To protect against known vulnerabilities, it is vital to regularly update systems with the latest security patches.

Organizations are strongly advised to watch for suspicious activity and to notify PTA through its CERT site or by email in the event of any incident.

PTA has issued this advisory as part of its continuing efforts to strengthen cybersecurity in Pakistan and safeguard vital infrastructure. Serious repercussions, such as monetary losses and reputational harm, could result from ignoring these vulnerabilities.

Published by
Huma Ishfaq
