#VU105377 Weak password requirements in IBM Cognos Controller - CVE-2024-41778

Cybersecurity Help s.r.o.

Published: 2025-03-06

Vulnerability identifier: #VU105377

Vulnerability risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41778

CWE-ID: CWE-521

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Cognos Controller
Client/Desktop applications / Other client software

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to perform brute-force attack and guess the password.

The vulnerability exists due to IBM Controller does not require that users should have strong passwords by default. A remote user can perform a brute-force attack and guess users' passwords.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Cognos Controller: before 11.0.1.4

External links
https://www.ibm.com/support/pages/node/7184423

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cognos Controller