Remote Action Exploit in IBM Cognos Dashboards on Cloud Pak for Data
CVE-2024-41739

8.8HIGH

Key Information:

Vendor: IBM
Status: Cognos Dashboards On Cloud Pak For Data
Vendor: CVE Published:; 24 January 2025

What is CVE-2024-41739?

A vulnerability exists in IBM Cognos Dashboards versions 4.0.7 and 5.0.0 hosted on Cloud Pak for Data, which could enable remote attackers to execute unauthorized actions. This security flaw arises from dependency confusion, potentially compromising the integrity and confidentiality of user data.

Affected Version(s)

Cognos Dashboards on Cloud Pak for Data 4.0.7, 5.0.0

References

https://www.ibm.com/support/pages/node/7177766

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jul 22, 2024