← back
CVE-2024-25036

IBM Cognos Controller authentication bypass

CVSS 4.3 MEDIUMEPSS 0.2%CWE-288
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
IBM · Cognos Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →