CVE-2024-40703

MEDIUM

IBM Cognos Analytics <12.0.3 - Info Disclosure

Title source: llm

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Scores

CVSS v3 5.5
EPSS 0.0003
EPSS Percentile 8.7%
Attack Vector LOCAL
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE CWE-522
Status published

Affected Products (5)

ibm/cognos_analytics < 11.2.3
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics_reports

Timeline

Published Sep 22, 2024
Tracked Since Feb 18, 2026