CVE-2024-28778

CWE-798Hard-coded Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 59.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedJan 7

Description

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5ibm/cognos_controller11.0.011.0.1
NVDibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0

🔴Vulnerability Details

2
CVEList
IBM Cognos Controller information disclosure2025-01-07
GHSA
GHSA-6hqr-x7j2-4jmh: IBM Cognos Controller 112025-01-07
CVE-2024-28778 (MEDIUM CVSS 6.5) | IBM Cognos Controller 11.0.0 throug | cvebase.io