CVE-2024-25036

Published: Dec 3, 2024Modified: Dec 11, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

Affected (2)

Products: Ibm: Cognos Controller

Ibm

1 product

Cognos Controller

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Controller	Version 11.0.0
Ibm Cognos Controller	Version 11.0.1

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (1)

https://www.ibm.com/support/pages/node/7177220

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.