CVE-2024-25037

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179163	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:cognos_controller::::::::
	cpe:2.3:a:ibm:controller:11.1.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:49

Type	Values Removed	Values Added
Summary		(es) IBM Cognos Controller 11.0.0 a 11.0.1 e IBM Controller 11.1.0 podrían permitir que un atacante remoto obtenga información confidencial cuando se devuelve un seguimiento de pila en el navegador.
First Time		Ibm controller Microsoft windows Microsoft Ibm Ibm cognos Controller
References	~~() https://www.ibm.com/support/pages/node/7179163 -~~	() https://www.ibm.com/support/pages/node/7179163 - Vendor Advisory
CPE		cpe:2.3:a:ibm:cognos_controller:::::::: cpe:2.3:a:ibm:controller:11.1.0:::::::* cpe:2.3:o:microsoft:windows:-:::::::*

07 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 16:15

Updated : 2025-07-03 20:49

NVD link : CVE-2024-25037

Mitre link : CVE-2024-25037

CVE.ORG link : CVE-2024-25037

JSON object : View

Products Affected

ibm

controller
cognos_controller

microsoft

windows

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

4.3 /10