CVE-2024-56340

MEDIUM

IBM Cognos Analytics 11.2.0-11.2.4 FP5 - Local File Inclusion via Deficon Parameter

Title source: llm

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

References (2)

Core 2

Core References

Various Sources

https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340

View Writeup ZIP pw:eip

Patch, Vendor Advisory vendor-advisory

https://www.ibm.com/support/pages/node/7183676

Scores

CVSS v3 6.5

EPSS 0.0071

EPSS Percentile 48.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (3)

ibm/cognos_analytics 11.2.4 (6 CPE variants)

ibm/cognos_analytics 12.0.4 (2 CPE variants)

ibm/cognos_analytics 11.2.0 - 11.2.4

Published Feb 28, 2025

Tracked Since Feb 18, 2026