CVE-2024-28778

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179163	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:cognos_controller::::::::
	cpe:2.3:a:ibm:controller:11.1.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:49

Type	Values Removed	Values Added
First Time		Ibm controller Microsoft windows Microsoft Ibm Ibm cognos Controller
References	~~() https://www.ibm.com/support/pages/node/7179163 -~~	() https://www.ibm.com/support/pages/node/7179163 - Vendor Advisory
Summary		(es) IBM Cognos Controller 11.0.0 a 11.0.1 e IBM Controller 11.1.0 son vulnerables a la exposición de claves API de Artifactory. Esta vulnerabilidad permite a los usuarios publicar código en paquetes o repositorios privados bajo el nombre de la organización.
CPE		cpe:2.3:a:ibm:cognos_controller:::::::: cpe:2.3:a:ibm:controller:11.1.0:::::::* cpe:2.3:o:microsoft:windows:-:::::::*

07 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 16:15

Updated : 2025-07-03 20:49

NVD link : CVE-2024-28778

Mitre link : CVE-2024-28778

CVE.ORG link : CVE-2024-28778

JSON object : View

Products Affected

ibm

controller
cognos_controller

microsoft

windows

CWE

CWE-798

Use of Hard-coded Credentials

6.5 /10