VDB
CVE-2024-45084
CVE-2024-45084
PUBLISHED
CVSS 8 HIGH
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
EPSS 0.26% · 49.5th percentile
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.26%
49.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Controller | 11.1.0 |
| IBM | Cognos Controller | 11.0.0 |
| ibm | controller | 11.1.0 |
| ibm | cognos_controller | 11.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-45084 (circl-sighting)
- CIRCL seen: CVE-2024-45084 (circl-sighting)
- CIRCL seen: CVE-2024-45084 (circl-sighting)
- https://www.ibm.com/support/pages/node/7183597 (circl)
Timeline
- Feb 19, 2025 Coalition ESS Score
- Feb 19, 2025 CVE Published
- Feb 19, 2025 PoC Published
- Feb 19, 2025 PoC Published
- Feb 20, 2025 EPSS Score
- Mar 6, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 2, 2025 EPSS Score
- May 17, 2025 EPSS Score
- May 31, 2025 EPSS Score