CVE-2024-40691

Name of the Vulnerable Software and Affected Versions IBM Cognos Controller versions 11.0.0 through 11.0.1

Description The issue concerns a weakness in validating the content of files uploaded to the web interface, allowing attackers to upload malicious executable files into the system. These files can then be sent to victims for further attacks. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions 11.0.0 and 11.0.1, consider disabling file upload functionality in the web interface until a patch is available to prevent malicious file uploads. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the file upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.