IBM Cognos Analytics security vulnerability allowed unauthorized file uploads
IBM has issued a security bulletin addressing two newly discovered, high-severity vulnerabilities in its Cognos Analytics platform.
These flaws, tracked as CVE-2024-40695 (Malicious File Upload) and CVE-2024-51466 (Expression Language Injection), potentially expose enterprise systems to unauthorized file uploads and the risk of sensitive data exposure or denial-of-service attacks.
The malicious file upload flaw (CVE-2024-40695) arises from insufficient validation of files uploaded through the Cognos Analytics web interface.
Read more at GBHackers