Cognos Controller Vulnerable to Malicious File Upload Attacks
CVE-2024-25020
9.8 CRITICAL
Summary
IBM Cognos Controller versions 11.0.0 and 11.0.1 are vulnerable to the upload of malicious files via the Journal entry page. The vulnerability stems from insufficient restrictions on the file types accepted as attachments, which could allow attackers to upload and execute harmful executable files within the system. These files can then be leveraged to conduct further attacks against victims, posing a considerable threat to data integrity and security.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published