Local File Inclusion Vulnerability in IBM Cognos Analytics by IBM
CVE-2024-56340

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 28 February 2025

Summary

IBM Cognos Analytics versions 11.2.0 to 11.2.4 FP5 are susceptible to a local file inclusion vulnerability. This security flaw allows attackers to exploit the deficon parameter by injecting path traversal payloads, potentially enabling unauthorized access to sensitive files on the system.

Affected Version(s)

Cognos Analytics 11.2.0 <= 11.2.4 FP5

References

https://www.ibm.com/support/pages/node/7183676

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Mario Tesoro