CVE-2024-25019Unrestricted File Upload in IBM Cognos Controller

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.8CRITICALNVD
CNA5.5
EPSS
0.1%
top 77.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Controller
Timeline
PublishedDec 3

Description

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cognos_controller11.0.0, 11.0.1
NVDibm/cognos_controller11.0.0, 11.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-6c9h-x2w3-3j4c: IBM Cognos Controller 112024-12-03
CVEList
IBM Cognos Controller file upload2024-12-03
CVE-2024-25019 — Unrestricted File Upload in IBM | cvebase