CVE-2024-56340

MEDIUM

IBM Cognos Analytics < 11.2.4 - Path Traversal

Title source: rule

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads into the deficon parameter.

Scores

CVSS v3 6.5
EPSS 0.1222
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-23
Status published
Products (3)
ibm/cognos_analytics 11.2.4 (6 CPE variants)
ibm/cognos_analytics 12.0.4 (2 CPE variants)
ibm/cognos_analytics 11.2.0 - 11.2.4
Published Feb 28, 2025
Tracked Since Feb 18, 2026