File Upload Vulnerability in IBM Cognos Controller
CVE-2024-40691

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Cognos Controller
Vendor: CVE Published:; 3 December 2024

Summary

IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that allows for the upload of malicious files through the web interface. This occurs due to the application’s failure to adequately validate the content of uploaded files. Exploitation of this flaw enables attackers to upload harmful executable files, potentially leading to further compromises within the affected system. Organizations utilizing these versions of Cognos Controller should take immediate action to secure their environments against this file upload weakness.

References

https://www.ibm.com/support/pages/node/7177220

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 3, 2024