CVE-2024-45084 in Cognos Controllerinfo

Summary

by MITRE • 02/19/2025

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0

could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/26/2025

IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 and 11.1.0 contain a critical vulnerability that enables authenticated attackers to perform formula injection attacks leading to arbitrary command execution. This vulnerability stems from inadequate validation of file contents during the processing of user-supplied data within the application's formula handling mechanisms. The flaw exists in the input sanitization and validation procedures that fail to properly sanitize or validate formula expressions before processing them within the system's computational engine. Attackers with valid authentication credentials can exploit this weakness by crafting malicious formula expressions that bypass the validation checks and execute unintended system commands with the privileges of the application process. This vulnerability directly maps to CWE-94, which describes improper validation of formula expressions and the execution of arbitrary code through injection techniques. The attack vector requires an authenticated user context, making it less accessible than unauthenticated exploits but still highly concerning given the potential for privilege escalation and system compromise. The impact of this vulnerability extends beyond simple command execution as it can lead to full system compromise, data exfiltration, and lateral movement within the network. According to ATT&CK framework, this vulnerability aligns with T1059.001 for command and scripting interpreter and T1068 for local privilege escalation, as attackers can leverage the arbitrary command execution to gain elevated system privileges. The vulnerability represents a significant risk to organizations using IBM Cognos Controller for financial planning and reporting, as these systems often contain sensitive business data and financial information. The exploitation process typically involves crafting malicious formula files that contain shell commands or system calls, which are then processed by the vulnerable application without proper sanitization. Organizations should implement immediate mitigations including applying the latest security patches from IBM, restricting file upload capabilities, and implementing network segmentation to limit the potential impact of successful exploitation. The vulnerability demonstrates the critical importance of proper input validation and sanitization in enterprise applications, particularly those handling complex formula processing and data manipulation functions. Security monitoring should be enhanced to detect unusual formula processing activities and command execution patterns that may indicate exploitation attempts.

Responsible

Ibm

Reservation

08/21/2024

Disclosure

02/19/2025

Moderation

accepted

CPE

ready

EPSS

0.00375

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!