CVE-2024-25019

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Dec 3, 2024
Updated: Dec 11, 2024
CWE ID: 434

Summary

CVE-2024-25019 is a vulnerability affecting IBM Cognos Controller versions 11.0.0 and 11.0.1. This issue arises due to a lack of validation for file types during journal entry attachment uploads, enabling attackers to upload malicious executable files. Such files can then be distributed to unsuspecting victims, potentially leading to further attacks.
