Weak Cryptographic Algorithms in IBM Cognos Controller and IBM Controller
CVE-2024-28780

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Cognos Controller
Controller
Vendor
CVE Published:
19 February 2025

Summary

IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 and the IBM Controller 11.1.0 Rich Client are affected by a vulnerability due to the use of inadequate cryptographic algorithms. This weakness allows potential attackers to decrypt sensitive information, posing a significant risk to data integrity and confidentiality. Organizations using these products are advised to take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cognos Controller 11.0.0 <= 11.0.1

Controller 11.1.0

References

https://www.ibm.com/support/pages/node/7183597
vendor-advisory

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.