CVE-2024-41739

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 427

Summary

CVE-2024-41739 is a newly disclosed vulnerability affecting IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data. This issue stems from dependency confusion, allowing a remote attacker to execute unauthorized actions. The attacker can potentially exploit this weakness by tricking the system into loading a malicious library, taking advantage of the dashboard's dependency resolution mechanism. This vulnerability poses a serious risk, as it enables unauthenticated attackers to potentially gain control over the system and execute malicious code. Organizations using the affected versions of IBM Cognos Dashboards on Cloud Pak for Data are strongly advised to apply the available patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share