CVE-2024-45084
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cognos Controller | 11.0.0 <= 11.0.1 | affected |
| IBM | Controller | 11.1.0 | affected |
Weaknesses
- CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.