CVE-2024-28777

HIGH

IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - Deserialization of Untrusted Data

Title source: llm
STIX 2.1

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7183597

Scores

CVSS v3 8.8
EPSS 0.0039
EPSS Percentile 60.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-502
Status published
Products (2)
ibm/cognos_controller 11.0.0 - 11.0.1.4
ibm/controller 11.1.0
Published Feb 19, 2025
Tracked Since Feb 18, 2026