PT-2025-1039 · Ibm+1 · Ibm Controller+2

Published 2025-01-06 · Updated 2025-01-07 · CVE-2024-28778

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Cognos Controller versions 11.0.0 through 11.0.1
IBM Controller version 11.1.0

Description

The affected versions expose Artifactory API keys; anyone who obtains them can publish code to the organization's private packages or repositories under its name. The underlying weakness is the use of hardcoded credentials, which a remote attacker can use to gain unauthorized access to protected information.

Recommendations

For IBM Cognos Controller versions 11.0.0 through 11.0.1, disable the use of Artifactory API keys until a patch is available. For IBM Controller version 11.1.0, restrict access to the private packages or repositories those keys can reach, to limit what an attacker could do with them. As a temporary workaround, do not rely on the hardcoded credentials in either product until the issue is resolved; a credential that ships inside the product cannot be treated as secret.
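The check a practitioner would want before applying the recommendations above is an inventory of where Artifactory API keys and other credentials are embedded in their own deployment and build files, as opposed to being referenced from the environment. The script below is an added example for this entry; it is not IBM's code and makes no claim about where the affected products store their keys. The file names and contents are constructed sample input, and the "AKCp" prefix used to recognise JFrog-issued API keys is an assumption about the key format.

```python
"""Scan configuration and build files for hardcoded credentials and
Artifactory API keys, ignoring environment-variable references.

Added example for this advisory entry; it is not IBM's code and makes no
claim about where the affected products store their keys. The sample files
below are constructed."""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    file: str
    line: int
    kind: str
    redacted: str  # never log the full secret


# Detection patterns. The "AKCp" prefix for JFrog-issued API keys is an
# assumption about the key format; adjust to what your instance hands out.
# X-JFrog-Art-Api is the request header Artifactory accepts an API key in.
SECRET_PATTERNS = {
    "artifactory_api_key": re.compile(r"\bAKCp[A-Za-z0-9]{40,}\b"),
    "artifactory_header": re.compile(
        r"X-JFrog-Art-Api\s*[:=]\s*['\"]?([^\s'\"]{6,})", re.I),
    "hardcoded_password": re.compile(
        r"\b(password|passwd|pwd)\s*[:=>]\s*['\"]?([^\s'\"<]{6,})", re.I),
}

# Values that are references or obvious placeholders, not secrets:
# ${VAR}, $VAR, %VAR%, <fill-in>, *****, xxxx, changeme, todo.
PLACEHOLDER = re.compile(
    r"^(\$\{?[\w.]+\}?|%\w+%|<[^>]*>|\*{3,}|x{3,}|changeme|change_me|todo)$",
    re.I)


def redact(value: str) -> str:
    """Keep just enough of the value to locate it, never the whole secret."""
    return f"{value[:4]}...{value[-2:]}" if len(value) > 8 else "***"


def scan_text(name: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()  # (line, value): report each secret once even if two patterns hit it
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                # Patterns with a capture group report the value, others the whole match.
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if PLACEHOLDER.match(value):
                    continue  # env-var reference or placeholder: the fixed form
                if (lineno, value) in seen:
                    continue
                seen.add((lineno, value))
                findings.append(Finding(name, lineno, kind, redact(value)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    return [f for name, text in files.items() for f in scan_text(name, text)]


# Constructed sample input: one file with embedded secrets (the vulnerable
# form) and two that reference the same secrets via environment variables
# (the form the recommendations ask for).
SAMPLE_FILES = {
    "controller.properties": (
        "artifactory.url=https://artifactory.example.internal/artifactory\n"
        "artifactory.apikey=AKCp8jQ9" + "example" * 9 + "\n"
        "db.user=controller\n"
        "db.password=S3cretP@ss\n"
    ),
    "settings.xml": (
        "<server><id>art</id><username>ci</username>"
        "<password>${env.ART_TOKEN}</password></server>\n"
    ),
    "Jenkinsfile": (
        "sh 'curl -H \"X-JFrog-Art-Api: ${ART_KEY}\" "
        "https://artifactory.example.internal/artifactory/api/...'\n"
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.file}:{f.line}: {f.kind} ({f.redacted})")
```

Run against the constructed input, only the two embedded values in controller.properties are reported; the XML and Jenkinsfile references to `${env.ART_TOKEN}` and `${ART_KEY}` are recognised as the corrected form and skipped. Point `scan_files` at the real installation and build tree, and treat every hit as a key to revoke on the Artifactory side, not merely to move.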

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2025-00251
CVE-2024-28778

Affected Products

Artifactory
Ibm Cognos Controller
Ibm Controller