PT-2025-7434 · IBM · IBM Controller +1
Published: 2024-11-17 · Updated: 2025-02-19 · CVE-2024-52902
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3
IBM Controller version 11.1.0
Description
The issue concerns hard-coded database passwords in the source code of the client application, which could be used for unauthorized access to the system.
Recommendations
For IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3, consider removing or modifying the hard-coded database passwords to prevent unauthorized access.
For IBM Controller version 11.1.0, remove or modify the hard-coded database passwords in the client application to minimize the risk of exploitation.
As a temporary workaround, restrict access to the database until the hard-coded passwords are removed or modified.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
IBM Cognos Controller
IBM Controller