What is CVE-2024-40695?

CVE-2024-40695 is a high-severity vulnerability in Ibm Cognos Analytics, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.0/10. Published 2024-12-20.

How severe is CVE-2024-40695?

High severity. CVSS v3 base score is 8.0 out of 10.

Arbitrary file upload in Ibm Cognos Analytics

CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and…

Vulnerability class: Unrestricted File Upload

EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Ibm Cognos Analytics — versions 11.2.0, 12.0.0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

www.ibm.com/support/pages/node/7179496 (vendor-advisory)

Frequently asked questions

What is CVE-2024-40695?: CVE-2024-40695 is a high-severity vulnerability in Ibm Cognos Analytics, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.0/10. Published 2024-12-20.
How severe is CVE-2024-40695?: High severity. CVSS v3 base score is 8.0 out of 10.