PT-2025-9048 · IBM · IBM Cognos Analytics
Mario Tesoro · Published 2025-02-28 · Updated 2025-10-17
CVE-2024-56340
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5
Description
The issue allows an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter, enabling local file inclusion.
Recommendations
For versions 11.2.0 through 11.2.4 FP5, avoid using the deficon parameter in affected API endpoints until the issue is resolved.
Exploit
Fix
Relative Path Traversal
Weakness Enumeration
Related Identifiers
Affected Products
IBM Cognos Analytics