CVE-2024-40695

Published: Dec 20, 2024Modified: Jul 2, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

Affected (8)

Products: Ibm: Cognos Analytics

Ibm

1 product

Cognos Analytics

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Analytics	From 11.2.0 to 11.2.4
Ibm Cognos Analytics	From 12.0.0 to 12.0.4
Ibm Cognos Analytics	Version 11.2.4
Ibm Cognos Analytics	Version 11.2.4 fixpack1
Ibm Cognos Analytics	Version 11.2.4 fixpack2
Ibm Cognos Analytics	Version 11.2.4 fixpack3
Ibm Cognos Analytics	Version 11.2.4 fixpack4
Ibm Cognos Analytics	Version 12.0.4

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://www.ibm.com/support/pages/node/7179496

Source: psirt@us.ibm.com

PatchVendor Advisory

Timeline

No history available yet.