VDB

CVE-2024-45084

CVE-2024-45084 PUBLISHED CVSS 8 HIGH

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

EPSS 0.26% · 49.5th percentile

Risk Scores

CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.26%
49.5th percentile

Affected Products

VendorProductVersions
IBMController11.1.0
IBMCognos Controller11.0.0
ibmcontroller11.1.0
ibmcognos_controller11.0.0

Timeline

  • Feb 19, 2025 Coalition ESS Score
  • Feb 19, 2025 CVE Published
  • Feb 19, 2025 PoC Published
  • Feb 19, 2025 PoC Published
  • Feb 20, 2025 EPSS Score
  • Mar 6, 2025 EPSS Score
  • Mar 21, 2025 EPSS Score
  • Apr 4, 2025 EPSS Score
  • Apr 18, 2025 EPSS Score
  • May 2, 2025 EPSS Score
  • May 17, 2025 EPSS Score
  • May 31, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›