PT-2025-7416 · IBM · IBM Controller

Published: 2025-02-18 · Updated: 2025-02-19 · CVE-2024-45084

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3
IBM Controller version 11.1.0

Description

The issue allows an authenticated attacker to conduct formula injection, potentially enabling the execution of arbitrary commands on the system. This is caused by improper validation of file contents.

Recommendations

For IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3, update to a version that properly validates file contents to prevent formula injection. For IBM Controller version 11.1.0, consider disabling features that allow formula injection until a patch is available that corrects the improper validation of file contents.

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2025-02076
CVE-2024-45084

Affected Products

IBM Cognos Controller
IBM Controller