CVE-2024-41739

Published: Jan 24, 2025Modified: Aug 14, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.

Affected (2)

Products: Ibm: Cognos Dashboards On Cloud Pak For Data

Ibm

1 product

Cognos Dashboards On Cloud Pak For Data

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Dashboards On Cloud Pak For Data	Version 4.8.0
Ibm Cognos Dashboards On Cloud Pak For Data	Version 5.0.0

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

https://www.ibm.com/support/pages/node/7177766

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.