CVE-2024-56340

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
ibmcognos_analytics
11.2.0 ≤
𝑥
< 11.2.4
ibmcognos_analytics
12.0.0 ≤
𝑥
< 12.0.4
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4:fixpack1
ibmcognos_analytics
11.2.4:fixpack2
ibmcognos_analytics
11.2.4:fixpack3
ibmcognos_analytics
11.2.4:fixpack4
ibmcognos_analytics
11.2.4:fixpack5
ibmcognos_analytics
12.0.4
ibmcognos_analytics
12.0.4:interim_fix_1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7183676
https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340