CVE-2024-56340: IBM Cognos Analytics path traversal

6.5 CVSS

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads in the deficon parameter.

Classification

CVE ID: CVE-2024-56340

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-23 Relative Path Traversal

Affected Products

Vendor: IBM

Product: Cognos Analytics

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.46% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-28 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-56340
https://www.ibm.com/support/pages/node/7183676

Timeline