CVE-2024-45084

Published: Feb 19, 2025Modified: Sep 29, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

Affected (2)

Products: Ibm: Cognos Controller, Controller

Ibm

2 products

Cognos Controller

Controller

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Cognos Controller	From 11.0.0 to 11.0.1.4
Ibm Controller	Version 11.1.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

References (1)

https://www.ibm.com/support/pages/node/7183597

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.