Authenticated File Upload in IBM Cognos Controller 11.0.0-11.0.1
CVE-2024-45676 Published on December 3, 2024

IBM Cognos Controller file upload
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

NVD

Vulnerability Analysis

CVE-2024-45676 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Insufficient Type Distinction

The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Products Associated with CVE-2024-45676

Want to know whenever a new CVE is published for IBM Cognos Controller? stack.watch will email you.

IBM Cognos Controller

Affected Versions

IBM Cognos Controller Version 11.0.0, 11.0.1 is affected by CVE-2024-45676

Exploit Probability

EPSS

0.07%

Percentile

21.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Authenticated File Upload in IBM Cognos Controller 11.0.0-11.0.1CVE-2024-45676 Published on December 3, 2024

Vulnerability Analysis

Weakness Type

Insufficient Type Distinction

Products Associated with CVE-2024-45676

Affected Versions

Exploit Probability

Authenticated File Upload in IBM Cognos Controller 11.0.0-11.0.1
CVE-2024-45676 Published on December 3, 2024