CVE-2024-28777 — Vulnetix

CVE-2024-28777 PUBLISHED CVSS 8.800000190734863 HIGH

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.

EPSS 0.39% · 60.4th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.39%

60.4th percentile

Affected Products

Vendor	Product	Versions
ibm	cognos_controller	11.0.0
ibm	controller	11.1.0
IBM	Controller	11.1.0
IBM	Cognos Controller	11.0.0

Timeline

Feb 19, 2025 Coalition ESS Score
Feb 19, 2025 CVE Published
Feb 19, 2025 PoC Published
Feb 19, 2025 PoC Published
Feb 19, 2025 PoC Published
Feb 20, 2025 EPSS Score
Mar 6, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Apr 4, 2025 EPSS Score
Apr 18, 2025 EPSS Score
May 2, 2025 EPSS Score
May 16, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7183597 advisory
https://www.ibm.com/support/pages/node/7183584 advisory
https://www.ibm.com/support/pages/node/7183612 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-28777 advisory

Open in Interactive Console →