CVE-2024-40695

Published Dec 20, 2024

Last updated 2 months ago

Overview

Description
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload because it does not validate the content of files uploaded to the web interface. An attacker can use this weakness to upload malicious executable files to the system, which can then be sent to a victim to perform further attacks.
Source: psirt@us.ibm.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Primary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

CWE-434 (source: psirt@us.ibm.com)

Social media

Hype score: Not currently trending
  1. CVE-2024-40695 (CVSS:8.0, HIGH) is Awaiting Analysis. IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file uplo..https://t.co/UgI1Li7HqN #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    25 Dec 2024


  2. Threat Alert: CVE-2024-51466 (CVSS 9.0): Critical Vulnerability Found in IBM Cognos Analytics CVE-2024-51466 CVE-2024-40695 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/mF7sh386YW #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    24 Dec 2024


  3. 🚨 IBM Cognos Analytics Vulnerabilities Disclosed! https://t.co/Oyvb7bYtpy 🔍 Critical flaws (CVE-2024-51466 & CVE-2024-40695) identified in Cognos Analytics software threaten sensitive data and system integrity. 💡 Affected versions: 12.0.0 - 12.0.4 & 11.2.0 - 11.2.4

    @GHak2learn27752

    22 Dec 2024


  4. CVE-2024-51466 (CVSS 9.0): Critical Vulnerability Found in IBM Cognos Analytics Learn about the severe vulnerabilities in IBM Cognos Analytics platform (CVE-2024-51466 and CVE-2024-40695) and how to mitigate the risks. https://t.co/FK72QattTT

    @the_yellow_fall

    22 Dec 2024


  5. CVE-2024-40695 Malicious File Upload Vulnerability in IBM Cognos Analytics Exploitable IBM Cognos Analytics versions from 11.2.0 to 11.2.4 FP4 and 12.0.0 to 12.0.4 might have a vulnerability linked to file upload... https://t.co/8wrZYO1PC2

    @VulmonFeeds

    20 Dec 2024


  6. CVE-2024-40695 IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file u… https://t.co/XnFxdkbon2

    @CVEnew

    20 Dec 2024
