CVE-2024-25019

Name of the Vulnerable Software and Affected Versions IBM Cognos Controller versions 11.0.0 through 11.0.1

Description The issue concerns a malicious file upload vulnerability due to the lack of validation of the type of file uploaded to Journal entry attachments. Attackers can exploit this weakness to upload malicious executable files into the system, which can then be sent to victims to perform further attacks.

Recommendations For versions 11.0.0 through 11.0.1, consider disabling the file upload feature for Journal entry attachments until a patch is available to prevent malicious file uploads. Restrict access to the Journal entry attachments module to minimize the risk of exploitation. Avoid using the file upload feature in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.