CVE-2024-45084

HIGH

IBM Cognos Controller <11.0.2 - Command Injection

Title source: llm

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7183597

Scores

CVSS v3 8.0

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1236

Status published

Products (2)

ibm/cognos_controller 11.0.0 - 11.0.1.4

ibm/controller 11.1.0

Published Feb 19, 2025

Tracked Since Feb 18, 2026