File Upload Vulnerability in IBM Cognos Controller
CVE-2024-40691
9.8 CRITICAL
Summary
IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that allows for the upload of malicious files through the web interface. This occurs due to the application’s failure to adequately validate the content of uploaded files. Exploitation of this flaw enables attackers to upload harmful executable files, potentially leading to further compromises within the affected system. Organizations utilizing these versions of Cognos Controller should take immediate action to secure their environments against this file upload weakness.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published