PT-2024-31723 · IBM · IBM Cognos Controller
Published: 2024-12-03 · Updated: 2024-12-11 · CVE-2024-45676
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
IBM Cognos Controller versions 11.0.0 through 11.0.1
Description:
The issue allows an authenticated user to upload insecure files due to insufficient file type distinction.
Recommendations:
For versions 11.0.0 through 11.0.1, consider restricting file uploads to only necessary and secure file types until a patch is available.
As a temporary workaround, consider implementing additional validation on uploaded files to minimize the risk of exploitation.
Affected Products
IBM Cognos Controller