CVE-2024-40702

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

Published: Jan 7, 2025
Updated: May 4, 2025
CVE: CVE-2024-40702
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ibm / cognos_controller	11.0.0	11.0.1.x
ibm / controller	11.1.0	11.1.0.x

https://www.ibm.com/support/pages/node/7179163

Vulnerability Database

290,206

CVE-2024-40702