CVE-2024-52902

HIGH

IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - Use of Hard-coded Credentials

Title source: llm
STIX 2.1

Description

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7183597

Scores

CVSS v3 8.8
EPSS 0.0011
EPSS Percentile 28.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-798
Status published
Products (2)
ibm/cognos_controller 11.0.0 - 11.0.1.4
ibm/controller 11.1.0
Published Feb 19, 2025
Tracked Since Feb 18, 2026