CVE-2024-40702
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Controller | 11.1.0 | affected |
| IBM | Cognos Controller | 11.0.0 <= 11.0.1 | affected |
Weaknesses
- CWE-295: CWE-295 Improper Certificate Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.