CVE-2024-28778

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179163	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:cognos_controller::::::::
	cpe:2.3:a:ibm:controller:11.1.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:cognos_controller:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:ibm:controller:11.1.0:::::::*
Summary		(es) IBM Cognos Controller 11.0.0 a 11.0.1 e IBM Controller 11.1.0 son vulnerables a la exposición de claves API de Artifactory. Esta vulnerabilidad permite a los usuarios publicar código en paquetes o repositorios privados bajo el nombre de la organización.
First Time		Microsoft Ibm Microsoft windows Ibm controller Ibm cognos Controller
References	~~() https://www.ibm.com/support/pages/node/7179163 -~~	() https://www.ibm.com/support/pages/node/7179163 - Vendor Advisory

07 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 16:15

Updated : 2025-07-03 20:49

NVD link : CVE-2024-28778

Mitre link : CVE-2024-28778

CVE.ORG link : CVE-2024-28778

JSON object : View

Products Affected

ibm

cognos_controller
controller

microsoft

windows

CWE

CWE-798

Use of Hard-coded Credentials

6.5 /10