CVE-2024-40691 — Unrestricted File Upload in IBM Cognos Controller

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.0

EPSS

0.1%

top 68.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Controller

Timeline

PublishedDec 3

Description

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/cognos_controller11.0.0, 11.0.1

▶NVDibm/cognos_controller11.0.0, 11.0.1+1

🔴Vulnerability Details

GHSA

GHSA-8x6f-x28r-pfq4: IBM Cognos Controller 11↗2024-12-03

▶

CVEList

IBM Cognos Controller file upload↗2024-12-03

▶