Main Vulnerability Database Vulnerabilities #VU101326

Authentication bypass using an alternate path or channel in IBM Cognos Controller - CVE-2024-25036

Published: December 6, 2024

Vulnerability identifier: #VU101326

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-25036

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Cognos Controller

Detailed vulnerability description

The vulnerability allows a remote user to bypass security restrictions.

The vulnerability exists due to an alternate path or channel in the application. An authenticated user with local access can bypass security restrictions allowing users to circumvent restrictions imposed on input fields.

How to mitigate CVE-2024-25036

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7177220

Authentication bypass using an alternate path or channel in IBM Cognos Controller - CVE-2024-25036

Detailed vulnerability description

How to mitigate CVE-2024-25036

Sources

Please verify you're human