File Upload Vulnerability in IBM Cognos Analytics
CVE-2024-40695
8 HIGH
Summary
CVE-2024-40695 affects IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4. Because the software does not properly validate uploaded files, an attacker can upload malicious executable files through the web interface. Such uploads could lead to severe exploits, letting an attacker carry out harmful actions on compromised systems and endangering sensitive data and network integrity. Prompt remediation and strict upload validation are essential to mitigate this risk. For more details on this vulnerability, refer to the IBM support page.
References
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published