CVE-2024-28777

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 39.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedFeb 19

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDibm/cognos_controller11.0.011.0.1.4
CVEListV5ibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0

🔴Vulnerability Details

2
CVEList
IBM Cognos Controller code execution2025-02-19
GHSA
GHSA-3c99-j6qp-35xx: IBM Cognos Controller 112025-02-19
CVE-2024-28777 (HIGH CVSS 8.8) | IBM Cognos Controller 11.0.0 throug | cvebase.io