File Upload Vulnerability in IBM Cognos Analytics
CVE-2024-40695

8HIGH

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-40695?

The vulnerability designated as CVE-2024-40695 affects specific versions of IBM Cognos Analytics, exposing the software to a significant security threat due to improper validation of uploaded files. From versions 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4, this flaw allows attackers to upload malicious executable files via the web interface. Such unregulated file uploads could lead to severe exploits, enabling cybercriminals to execute harmful actions on compromised systems, further endangering sensitive data and network integrity. Prompt remediation and strict upload validation protocols are essential to mitigate this risk. For more details on this vulnerability, please refer to the IBM support page.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.ibm.com/support/pages/node/7179496

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2024

JSON

IBM

What is CVE-2024-40695?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.