CVE-2024-52902
Published: 19 February 2025
Summary
CVE-2024-52902 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in IBM Cognos Controller. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The vulnerability is ranked at the 28.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
- Requires timely identification, testing, and installation of patches to directly remediate the hard-coded database passwords in IBM Cognos Controller source code.
- Mandates protection of authenticator content from unauthorized disclosure and modification, directly preventing embedding of hard-coded passwords in application source code.
- Enables ongoing vulnerability scanning to identify hard-coded credential flaws like those in CVE-2024-52902 for prompt remediation.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
Hard-coded credentials directly enable extraction and reuse of valid accounts (T1078) and represent unsecured credentials discoverable in application artifacts (T1552).
NVD Description
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
Deeper analysis (AI-generated)
CVE-2024-52902 is a high-severity vulnerability (CVSS 3.1 score of 8.8) affecting IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 and the IBM Controller 11.1.0 client application. The issue stems from hard-coded database passwords embedded in the source code (CWE-798: Use of Hard-coded Credentials), which exposes credentials that could enable unauthorized system access. Published on 2025-02-19, this flaw allows attackers to bypass authentication mechanisms by extracting and reusing the static passwords.
An attacker with low privileges (PR:L), such as an authenticated user with network access (AV:N), can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants unauthorized access to the database and underlying system, resulting in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U). This could lead to data exfiltration, modification, or disruption of IBM Controller services.
IBM has issued a security advisory with details on mitigation and patching at https://www.ibm.com/support/pages/node/7183597. Security practitioners should review this bulletin for version-specific fixes and apply updates promptly to affected deployments.
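As an added defender-side illustration of the weakness class this record describes (CWE-798, hard-coded credentials in source code), and not code from IBM, from Cognos Controller or from this page, the following Python block runs a small credential-assignment scanner over a constructed sample source file (the kind of check the RA-5 scanning control asks for), masks the matched values so the report itself does not leak them, and shows the hardened alternative of loading the database password from the environment with no built-in fallback. The sample source, its variable names and the CONTROLLER_DB_PASSWORD environment variable are all assumptions made up for the example.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Mapping, Optional

# Constructed sample source file (NOT real product code). Two lines embed a
# database password as a string literal; the others are benign look-alikes.
SAMPLE_SOURCE = """\
# db_config.py (constructed example)
DB_HOST = "db.internal.example"
DB_USER = "controller_app"
DB_PASSWORD = "Sup3rS3cret!"        # hard-coded: CWE-798
jdbc_url = "jdbc:db2://db.internal.example:50000/CTRL"
conn = connect(user=DB_USER, password="AnotherSecret123")
API_TOKEN = os.environ["API_TOKEN"]  # fine: not a literal
password = ""                        # empty literal, ignored
"""

# An identifier containing a credential-like word, assigned a quoted literal
# of at least four characters. Case-insensitive; verbose mode for readability.
CREDENTIAL_ASSIGNMENT = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z_]*(?:passw(?:or)?d|secret|token|api_?key)[a-z_]*)
    \s*[:=]\s*
    (?P<quote>["'])(?P<value>[^"']{4,})(?P=quote)
    """
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    name: str
    masked_value: str


def mask(value: str) -> str:
    """Keep only the first character so a scan report never reproduces the secret."""
    return value[0] + "*" * (len(value) - 1)


def scan_source(text: str) -> List[Finding]:
    """Return one Finding per hard-coded credential literal found in `text`."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CREDENTIAL_ASSIGNMENT.finditer(line):
            findings.append(Finding(line_no, m.group("name"), mask(m.group("value"))))
    return findings


def load_db_password(env: Optional[Mapping[str, str]] = None) -> str:
    """Hardened pattern: the secret comes from the process environment (or an
    injected secret-store mapping), and a missing value is a hard failure
    rather than a silent fallback to a default baked into the code.
    CONTROLLER_DB_PASSWORD is a hypothetical variable name."""
    source = os.environ if env is None else env
    value = source.get("CONTROLLER_DB_PASSWORD")
    if not value:
        raise RuntimeError("CONTROLLER_DB_PASSWORD is not set; refusing to start")
    return value


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.name} = {f.masked_value}")
```

Run stand-alone, the scanner reports lines 4 and 6 of the sample and shows only the first character of each value. The regex is deliberately narrow (quoted literals assigned to credential-like names) so it can be dropped into a pre-commit hook or CI step with few false positives; a production secret scanner would add entropy checks and format-specific rules on top of it.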
Details
- CWE(s)