CVE-2024-40703 MEDIUM

CVE-2024-40703: IBM Cognos Analytics information disclosure

Vendor IBM
Product Cognos Analytics
Weakness CWE-522 · Insufficiently protected credentials
Published September 22, 2024
Last update September 22, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Key dates

02 Disclosure timeline

September 22, 2024 CVE published
September 22, 2024 Record updated