CVE-2024-45084

EPSS 0.26%
Veröffentlicht 19.02.2025 16:15:39
Zuletzt bearbeitet 29.09.2025 18:15:30
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Cognos Controller CSV injection

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 

could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Cognos Controller Version >= 11.0.0 < 11.0.1.4

Microsoft ≫ Windows Version-

Ibm ≫ Controller Version11.1.0

Microsoft ≫ Windows Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

https://www.ibm.com/support/pages/node/7183597

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45084

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45084