1. Home
  2. CVE Database
  3. CVE-2024-40691
HIGH · 8.0

CVE-2024-40691

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness ...

Vulnerability Description

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IbmCognos Controller11.0.0

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2024-40691?

CVE-2024-40691 is a vulnerability with a CVSS score of 8.0 (HIGH). IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness ...

How severe is CVE-2024-40691?

CVE-2024-40691 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-40691?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Cognos Controller.