Arbitrary file upload in IBM Cognos Analytics - CVE-2024-40695

 


Published: May 1, 2025


Vulnerability identifier: #VU108096
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-40695
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Cognos Analytics

Detailed vulnerability description

The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability exists because the application does not validate the content of files uploaded through the web interface. A remote user can exploit this weakness to upload malicious executable files into the system, which can then be delivered to a victim to carry out further attacks.
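The weakness described above is the CWE-434 pattern of trusting a file's name or declared type instead of its bytes. The following is an added example of the server-side check that closes that gap; it is not IBM's code and does not reflect how Cognos Analytics handles uploads. It decides on the leading bytes of the content (magic numbers), refuses anything that looks like a native executable or script regardless of extension, requires the detected type to match an allowlisted extension, and rejects image files that carry embedded HTML or script (a common polyglot trick). The allowlist, size limit and the sample uploads are constructed for illustration.

```python
"""Content-based upload validation (CWE-434 mitigation).

Added example, not IBM's code. Rejects uploads whose bytes do not match
the type implied by the file extension, instead of trusting the name or
the client-supplied Content-Type. Allowlist and samples are constructed.
"""
from dataclasses import dataclass
import os

# Extension -> acceptable leading byte sequences (constructed allowlist).
ALLOWED_SIGNATURES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}

# Content that must never be stored, whatever the file is called.
EXECUTABLE_SIGNATURES = {
    "PE/EXE": b"MZ",
    "ELF": b"\x7fELF",
    "Mach-O": b"\xcf\xfa\xed\xfe",
    "shell script": b"#!",
}

# Markers of HTML/script smuggled inside an otherwise valid image or PDF.
ACTIVE_CONTENT_MARKERS = (b"<script", b"<html", b"<?php", b"javascript:")


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    detected_type: str


def _detect_type(data: bytes) -> str:
    """Label the content from its leading bytes only (never from its name)."""
    for label, sig in EXECUTABLE_SIGNATURES.items():
        if data.startswith(sig):
            return label
    for ext, sigs in ALLOWED_SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return ext
    return "unknown"


def validate_upload(filename: str, data: bytes, max_bytes: int = 10_000_000) -> UploadDecision:
    """Return an accept/reject decision for one uploaded file."""
    ext = os.path.splitext(filename)[1].lower()
    if ext == ".jpeg":          # treat .jpeg and .jpg as the same type
        ext = ".jpg"
    if len(data) == 0 or len(data) > max_bytes:
        return UploadDecision(False, "empty or oversized", "n/a")
    detected = _detect_type(data)
    if detected in EXECUTABLE_SIGNATURES:
        return UploadDecision(False, f"executable content ({detected})", detected)
    if ext not in ALLOWED_SIGNATURES:
        return UploadDecision(False, f"extension {ext!r} not allowed", detected)
    if detected != ext:
        return UploadDecision(False, f"content {detected} does not match extension {ext}", detected)
    # Heuristic polyglot check on the first 4 KiB: a real image should not
    # contain HTML or script markup.
    head = data[:4096].lower()
    if any(marker in head for marker in ACTIVE_CONTENT_MARKERS):
        return UploadDecision(False, "active content embedded in file", detected)
    return UploadDecision(True, "ok", detected)


# Constructed sample uploads: name -> bytes.
SAMPLE_UPLOADS = {
    "chart.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,            # genuine PNG header
    "report.pdf": b"%PDF-1.7\n%constructed pdf body",             # genuine PDF header
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,                    # PE executable named .jpg
    "logo.png": b"<html><script>alert(1)</script></html>",        # HTML named .png
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"<script>alert(1)</script>",  # PNG/HTML polyglot
    "tool.exe": b"MZ\x90\x00",                                    # plain executable
    "notes.txt": b"plain text",                                   # extension not allowlisted
}


def screen_all(uploads=SAMPLE_UPLOADS) -> dict:
    """Run the validator over every sample and return name -> decision."""
    return {name: validate_upload(name, data) for name, data in uploads.items()}


if __name__ == "__main__":
    for name, decision in screen_all().items():
        verdict = "ACCEPT" if decision.accepted else "REJECT"
        print(f"{verdict:6} {name:12} {decision.reason} (detected: {decision.detected_type})")
```

Only `chart.png` and `report.pdf` pass; the PE file renamed to `.jpg`, the HTML file named `.png`, the PNG/HTML polyglot, the bare `.exe` and the `.txt` are all rejected with a reason that can be logged. In a real deployment the accepted file should also be stored under a server-generated name outside the web root and served with a fixed `Content-Type`, so that even a file that slips past the byte check is never executed or rendered as a page.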


How to mitigate CVE-2024-40695

Install updates from vendor's website.

Sources