TROYANOSYVIRUS
Voltar para CVEs

CVE-2024-28777

HIGH
8.8

Descricao

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/19/2025
Ultima modificacao7/25/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

ibm:cognos_controlleribm:controllermicrosoft:windows

Fraquezas (CWE)

CWE-502

Referencias

https://www.ibm.com/support/pages/node/7183597(psirt@us.ibm.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.