CVE-2024-56340

MEDIUM

IBM Cognos Analytics < 11.2.4 - Path Traversal

Title source: rule

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0184
EPSS Percentile 82.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-23
Status published

Affected Products (9)

ibm/cognos_analytics < 11.2.4
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics
ibm/cognos_analytics

Timeline

Published Feb 28, 2025
Tracked Since Feb 18, 2026