#VU108096 Arbitrary file upload in IBM Cognos Analytics - CVE-2024-40695

 

Published: May 1, 2025


Vulnerability identifier: #VU108096
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-40695
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IBM Cognos Analytics
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists because the application does not validate the content of files uploaded to the web interface. A remote user can exploit this weakness to upload malicious executable files to the system, which can then be sent to a victim to perform further attacks.


Remediation

Install updates from the vendor's website.

External links