IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads in the deficon parameter.
CVE ID: CVE-2024-56340
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor: IBM
Product: Cognos Analytics
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.46% (share of vulnerabilities scored less than or equal to this one)
EPSS Date: 2025-03-28 (when this score was calculated)