Cognos Controller Vulnerable to Malicious File Upload Attacks
CVE-2024-25020

9.8 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 3 December 2024

Summary

IBM Cognos Controller versions 11.0.0 and 11.0.1 allow malicious files to be uploaded via the Journal entry page. The flaw stems from insufficient restrictions on the file types accepted as attachments, which could allow attackers to upload and execute harmful executable files within the system. These files can then be leveraged to conduct further attacks against victims, threatening data integrity and security.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
