Main Vulnerability Database Vulnerabilities #VU101326

#VU101326 Authentication bypass using an alternate path or channel in IBM Cognos Controller - CVE-2024-25036

Published: December 6, 2024

Vulnerability identifier: #VU101326

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-25036

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Cognos Controller

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote user to bypass security restrictions.

The vulnerability exists due to an alternate path or channel in the application. An authenticated user with local access can bypass security restrictions allowing users to circumvent restrictions imposed on input fields.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7177220

#VU101326 Authentication bypass using an alternate path or channel in IBM Cognos Controller - CVE-2024-25036

Description

Remediation

External links

Please verify you're human