CVE-2024-40695
Last modified
CVE-2024-40695 is a high-severity vulnerability rated 8/10 on the CVSS scale. IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Cognos Analytics | >= 11.2.0, < 11.2.4 |
| Ibm | Cognos Analytics | >= 12.0.0, < 12.0.4 |
| Ibm | Cognos Analytics | 11.2.4 |
| Ibm | Cognos Analytics | 12.0.4 |
References
- https://www.ibm.com/support/pages/node/7179496Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-40695?
How severe is CVE-2024-40695?
How do I fix CVE-2024-40695?
Are you affected by CVE-2024-40695?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST