CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 

12.0.0 through 12.0.4



could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
ibmCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
ibmcognos_analytics
11.2.0 ≤
𝑥
< 11.2.4
ibmcognos_analytics
12.0.0 ≤
𝑥
< 12.0.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4:fixpack1
ibmcognos_analytics
11.2.4:fixpack2
ibmcognos_analytics
11.2.4:fixpack3
ibmcognos_analytics
11.2.4:fixpack4
ibmcognos_analytics
12.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7179496