IBM Cognos Controller Hard-Coded Credentials Vulnerability
CVE-2024-41777

7.5HIGH

Key Information:

Vendor: IBM
Status: Cognos Controller
Vendor: CVE Published:; 3 December 2024

Summary

The vulnerability allows unauthorized access due to the presence of hard-coded credentials within IBM Cognos Controller versions 11.0.0 and 11.0.1. These credentials can be utilized for inbound authentication processes, facilitate outbound communications with external components, or be employed for the encryption of sensitive internal data. Organizations using these affected versions are advised to assess their security posture and consider remediation to safeguard their systems.

References

https://www.ibm.com/support/pages/node/7177220

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 3, 2024

Collectors

NVD Database