CVE-2024-56340: IBM MQ path traversal
First published: Thu Feb 27 2025(Updated: )
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | <=12.0.0-12.0.4 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-56340?
CVE-2024-56340 has a critical severity rating due to its potential to expose sensitive files via local file inclusion.
How do I fix CVE-2024-56340?
To fix CVE-2024-56340, apply the patches provided by IBM for affected versions of Cognos Analytics.
What versions of IBM Cognos Analytics are affected by CVE-2024-56340?
CVE-2024-56340 affects IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5.
Can CVE-2024-56340 be exploited remotely?
CVE-2024-56340 is a local file inclusion vulnerability that requires local access to exploit.
What is the impact of exploiting CVE-2024-56340?
Exploiting CVE-2024-56340 can allow attackers to access sensitive files on the server, leading to data breaches.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/source
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.4
- version/ibm cognos analytics/11.2.0-11.2.4 fp5