CVE-2024-28780Use of a Broken or Risky Cryptographic Algorithm in IBM Cognos Controller

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 86.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedFeb 19

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

NVDibm/cognos_controller11.0.011.0.1.4
CVEListV5ibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0

🔴Vulnerability Details

2
CVEList
IBM Cognos Controller information disclosure2025-02-19
GHSA
GHSA-p37p-7h4r-xmh4: IBM Cognos Controller 112025-02-19
CVE-2024-28780 — IBM Cognos Controller vulnerability | cvebase