CVE-2024-40695

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.0HIGH
EPSS
0.1%
top 78.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Analytics
Timeline
PublishedDec 20

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDibm/cognos_analytics11.2.011.2.4+3
CVEListV5ibm/cognos_analytics11.2.011.2.4+1

Patches

Patch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Cognos Analytics file upload2024-12-20
GHSA
GHSA-ch29-m9jp-wg9f: IBM Cognos Analytics 112024-12-20
CVE-2024-40695 (HIGH CVSS 8) | IBM Cognos Analytics 11.2.0 through | cvebase.io