CVE-2024-40703

MEDIUM EPSS 3.9%
Published Sep 22, 2024 1y ago · Modified Jun 17, 2026 2w ago
5.5 CVSS 3.1
Medium

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
3.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-522

Affected Products 6

Vendor  Product                   Version    Range
ibm     cognos_analytics          *          ≥11.2.0 – ≤11.2.3
ibm     cognos_analytics          *          ≥12.0.0 – <12.0.3
ibm     cognos_analytics          11.2.4     any
ibm     cognos_analytics          12.0.3     any
ibm     cognos_analytics          12.0.3     any
ibm     cognos_analytics_reports  11.0.0.7   any

References 2

  • ibm.com https://www.ibm.com/support/pages/node/7160700
    Patch, Vendor Advisory
  • ibm.com https://www.ibm.com/support/pages/node/7168038
    Patch, Vendor Advisory

Remediation

  • ibm.com https://www.ibm.com/support/pages/node/7160700
    Patch, Vendor Advisory
  • ibm.com https://www.ibm.com/support/pages/node/7168038
    Patch, Vendor Advisory