PT-2025-1040 · Ibm · Ibm Cognos Controller+1
Published
2025-01-06
·
Updated
2025-01-07
·
CVE-2024-25037
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Controller versions 11.0.0 through 11.0.1
IBM Controller version 11.1.0
Description
The issue is related to the error reporting mechanism in IBM Cognos Controller and IBM Controller, which could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. This is due to shortcomings in the error reporting mechanism. The exploitation of this issue may enable an unauthorized party to gain access to protected information.
Recommendations
For IBM Cognos Controller versions 11.0.0 through 11.0.1, consider disabling the error reporting feature that returns stack traces in the browser until a patch is available.
For IBM Controller version 11.1.0, restrict access to the error reporting module to minimize the risk of exploitation.
As a temporary workaround, avoid displaying stack traces in the browser for all affected versions until the issue is resolved.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Controller
Ibm Controller