Authorization Flaw in IBM Cognos Controller and IBM Controller
CVE-2024-45081

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Controller; Controller
Vendor: CVE Published:; 19 February 2025

Summary

The vulnerability in IBM Cognos Controller and IBM Controller arises from improper authorization checks which could allow authenticated users to alter restricted content. This oversight has the potential to lead to significant data integrity issues and poses a risk to sensitive information management within the affected software versions.

Affected Version(s)

Cognos Controller 11.0.0 <= 11.0.1

Controller 11.1.0

References

https://www.ibm.com/support/pages/node/7183597

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Aug 21, 2024