CVE-2024-40702

CWE-295Improper Certificate Validation3 documents3 sources
Severity
8.2HIGH
EPSS
0.1%
top 73.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedJan 7

Description

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

CVEListV5ibm/cognos_controller11.0.011.0.1
NVDibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0

🔴Vulnerability Details

2
CVEList
IBM Cognos Controller improper certificate validation2025-01-07
GHSA
GHSA-xf84-f9vv-4vfx: IBM Cognos Controller 112025-01-07
CVE-2024-40702 (HIGH CVSS 8.2) | IBM Cognos Controller 11.0.0 throug | cvebase.io