CVE-2024-28778
MEDIUM
IBM Cognos Controller 11.0.0-11.0.1 and IBM Controller 11.1.0 - Exposure of Hard-coded Artifactory API Keys
Title source: llm
Description
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 are vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
References (1)
Core References
Vendor Advisory
https://www.ibm.com/support/pages/node/7179163
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
40.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (2)
ibm/cognos_controller
11.0.0 - 11.0.1
ibm/controller
11.1.0
Published
Jan 07, 2025
Tracked Since
Feb 18, 2026