Local File Inclusion Vulnerability in IBM Cognos Analytics by IBM
CVE-2024-56340

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 28 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

IBM Cognos Analytics versions 11.2.0 to 11.2.4 FP5 are susceptible to a local file inclusion vulnerability. This security flaw allows attackers to exploit the deficon parameter by injecting path traversal payloads, potentially enabling unauthorized access to sensitive files on the system.

Affected Version(s)

Cognos Analytics 11.2.0 <= 11.2.4 FP5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-56340
Created by MarioTesoro

References

https://www.ibm.com/support/pages/node/7183676

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 1, 2025
👾
Exploit known to exist
Mar 1, 2025
Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Mario Tesoro