CVE-2024-45084

CWE-1236 CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.0HIGH

EPSS

0.3%

top 50.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Controller IBM Controller

Timeline

PublishedFeb 19

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

▶NVDibm/cognos_controller11.0.0 — 11.0.1.4

▶CVEListV5ibm/cognos_controller11.0.0 — 11.0.1

▶CVEListV5ibm/controller11.1.0

▶NVDibm/controller11.1.0

🔴Vulnerability Details

CVEList

IBM Cognos Controller CSV injection↗2025-02-19

▶

GHSA

GHSA-658q-f487-r8h7: IBM Cognos Controller 11↗2025-02-19

▶