8.8
CVE-2024-28777
- EPSS 0.39%
- Veröffentlicht 19.02.2025 16:15:39
- Zuletzt bearbeitet 25.07.2025 20:28:18
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Cognos Controller code execution
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cognos Controller Version >= 11.0.0 < 11.0.1.4
Ibm ≫ Controller Version11.1.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.601 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.