CVE-2024-56340

CWE-233 documents3 sources
Severity
6.5 MEDIUM
EPSS
12.2%
top 6.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 28

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | ibm/cognos_analytics | 11.2.0 | 11.2.4 | +3
CVEListV5 | ibm/cognos_analytics | 11.2.0 | 11.2.4 FP5

Patches

🔴 Vulnerability Details (2)

CVEList
IBM Cognos Analytics path traversal | 2025-02-28
GHSA
GHSA-j4w4-g97j-m5q9: IBM Cognos Analytics 11 | 2025-02-28
CVE-2024-56340 (MEDIUM CVSS 6.5) | IBM Cognos Analytics 11.2.0 through | cvebase.io