Malicious File Upload Vulnerability in IBM Cognos Controller
CVE-2024-25019

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Cognos Controller
Vendor: CVE Published:; 3 December 2024

What is CVE-2024-25019?

IBM Cognos Controller versions 11.0.0 and 11.0.1 contain a security vulnerability that allows attackers to upload malicious files through unsupported file formats in Journal entry attachments. This lack of proper validation can lead to the execution of harmful executable files, enabling further attacks on the system. Organizations using these versions of IBM Cognos Controller are advised to implement stringent file validation measures to mitigate the risk.

References

https://www.ibm.com/support/pages/node/7177220

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2024