Input Field Bypass in IBM Cognos Controller Versions 11.0.0 and 11.0.1
CVE-2024-25036

3.3LOW

Key Information:

Vendor: IBM
Status: Cognos Controller
Vendor: CVE Published:; 3 December 2024

What is CVE-2024-25036?

A security vulnerability in IBM Cognos Controller versions 11.0.0 and 11.0.1 allows an authenticated user with local access to bypass security controls, enabling the circumvention of restrictions placed on input fields. This flaw poses a risk of unauthorized access to sensitive functionalities without proper validation. Users of these versions should review their security configurations and apply necessary mitigations.

References

https://www.ibm.com/support/pages/node/7177220

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2024