What is CVE-2024-40702?

CVE-2024-40702 is a high-severity vulnerability in Ibm Cognos Controller, classified under Improper Certificate Validation. CVSS score: 8.2/10. Published 2025-01-07.

How severe is CVE-2024-40702?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Ibm Cognos Controller

CVE-2024-40702

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

Vulnerability class: Improper Certificate Validation

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Ibm Cognos Controller — versions 11.0.0
Ibm Controller — versions 11.1.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

www.ibm.com/support/pages/node/7179163

Frequently asked questions

What is CVE-2024-40702?: CVE-2024-40702 is a high-severity vulnerability in Ibm Cognos Controller, classified under Improper Certificate Validation. CVSS score: 8.2/10. Published 2025-01-07.
How severe is CVE-2024-40702?: High severity. CVSS v3 base score is 8.2 out of 10.