Cyber Posture

CVE-2024-56340

Medium

Published: 28 February 2025

Modified: 17 October 2025
CISA KEV: not listed
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1222 (93.9th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56340 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in IBM Cognos Analytics: path traversal sequences placed in the deficon parameter let an authenticated user read files outside the intended directory (local file inclusion). Its CVSS v3.1 base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score places it in the top 6.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)
Directly enforces input validation on the deficon parameter: accept only an allowlisted file name, decode the value before checking it, and verify that the resolved path stays inside the intended directory, so traversal payloads never reach the file system call.

SI-2 Flaw Remediation (prevent)
Requires timely patching of the specific flaw in IBM Cognos Analytics as detailed in the IBM security advisory, which removes the vulnerability rather than filtering around it.

Access control enforcement (prevent)
Restricts which users can reach the affected function and, at the operating-system level, what the Cognos service account can read. Because the server process performs the file read, a least-privilege service account limits what a successful traversal can expose, which matters most in the window before the patch is applied.
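As an added illustration of the SI-10 control above (example code written for this page, not IBM's code, and not a description of how Cognos Analytics actually resolves the deficon parameter), the following Python contrasts a naive path join, the pattern behind CWE-23, with a hardened resolver that decodes, allowlists and confines the value. The icon directory /srv/cognos/icons, the accepted extensions and the payload strings are all assumptions constructed for the example.

```python
import os
import re
from urllib.parse import unquote

# Hypothetical icon directory; the page does not document the real Cognos layout.
ICON_ROOT = "/srv/cognos/icons"

# Allowlist for the decoded deficon value: a bare file name, no leading dot,
# no separators, a fixed set of image extensions (the extensions are an assumption).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.(?:png|gif|svg)$")


def resolve_icon_vulnerable(root, deficon):
    """The CWE-23 pattern: the user value is joined onto the directory unchecked.
    '../' segments walk out of root, and a leading '/' discards root entirely."""
    return os.path.join(root, deficon)


def where_vulnerable_reads(root, deficon):
    """Lexically normalise the naive join to show which file it actually opens."""
    return os.path.normpath(resolve_icon_vulnerable(root, deficon))


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing, so a double-encoded
    '%252e%252e' cannot slip past a check that only looks at the raw string."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def resolve_icon_safe(root, deficon):
    """Hardened resolver: decode, allowlist, then confine the resolved path."""
    name = fully_decode(deficon)
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected by allowlist: %r" % deficon)
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Defence in depth: even an allowlisted name must resolve under root
    # (realpath also follows symlinks, which a lexical normpath would not).
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("escapes root: %r" % deficon)
    return candidate


def is_accepted(deficon, root=ICON_ROOT):
    """True if the hardened resolver would serve this deficon value."""
    try:
        resolve_icon_safe(root, deficon)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed payloads: one benign name and several traversal variants.
    for payload in ("logo.png", "../../../etc/passwd", "..%2f..%2fetc%2fpasswd",
                    "%252e%252e%252fetc%252fpasswd", "/etc/passwd"):
        print("%-32s naive -> %-40s hardened -> %s" % (
            payload, where_vulnerable_reads(ICON_ROOT, payload),
            "accepted" if is_accepted(payload) else "rejected"))
```

The allowlist does the real work; the realpath containment check is there for the case where a future change loosens the allowlist or a symlink lands inside the icon directory. Rejecting rather than sanitising (stripping "../" and continuing) avoids the classic bypass where "....//" collapses back into a traversal after one round of stripping.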

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

A remote LFI/path traversal in a public-facing web application is exploited directly as T1190 (initial access through the exposed service), and the file reads it enables are T1005 collection from the local file system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
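To give the T1190 mapping a concrete detection, here is an added Python example (not from the page, from IBM, or from the cited research repository) that scans web-server access logs for traversal payloads in the deficon parameter. The /bi/icons endpoint path, the users, the client addresses and the log lines themselves are constructed for the example; the only page-supplied facts are the parameter name and the payload class.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines in Apache combined format. The /bi/icons
# endpoint, users and client addresses are invented for this example; the page
# does not state the real Cognos request path.
SAMPLE_LOG = """\
203.0.113.7 - alice [01/Mar/2025:10:12:01 +0000] "GET /bi/icons?deficon=logo.png HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.9 - bob [01/Mar/2025:10:12:44 +0000] "GET /bi/icons?deficon=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.4.0"
203.0.113.9 - bob [01/Mar/2025:10:13:02 +0000] "GET /bi/icons?deficon=..%2F..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 403 "-" "curl/8.4.0"
198.51.100.4 - - [01/Mar/2025:10:14:10 +0000] "GET /bi/icons?deficon=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - alice [01/Mar/2025:10:15:00 +0000] "GET /bi/report?id=42 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# A traversal segment ('..' bounded by separators), an absolute path, a Windows
# drive prefix, or an embedded NUL, judged on the fully decoded value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)|^[\\/]|^[A-Za-z]:[\\/]|\x00')


def fully_decode(value, max_rounds=3):
    """Strip nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_deficon_traversal(log_text):
    """Return one hit per request whose deficon parameter carries a traversal payload."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # parse_qsl removes one layer of percent-encoding; fully_decode handles the rest.
        for key, raw in parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True):
            if key.lower() != "deficon":
                continue
            value = fully_decode(raw)
            if TRAVERSAL_RE.search(value):
                hits.append({"ip": m.group("ip"), "user": m.group("user"),
                             "status": int(m.group("status")), "deficon": value})
    return hits


def by_source(hits):
    """Count hits per client address, the usual pivot for a first triage."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_deficon_traversal(SAMPLE_LOG)
    for h in found:
        print("%-13s %-6s HTTP %d  deficon=%s" % (h["ip"], h["user"], h["status"], h["deficon"]))
    print(by_source(found))
```

When triaging the output, weight the response status and size: a 200 with a non-trivial body on a traversal request (the second sample line) is the one to escalate as a likely successful read, while a 500 on the double-encoded variant suggests the attempt failed. The user field ties the request back to the low-privileged account the PR:L vector requires, which is the account to suspend while the patch is applied.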

NVD Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

Deeper analysis (AI-generated)

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is affected by CVE-2024-56340, a local file inclusion vulnerability classified as CWE-23 (relative path traversal); the affected-products data below additionally lists 12.0.0 through 12.0.4, so treat the IBM advisory as the authoritative version list. The flaw lets an attacker read sensitive files by placing path traversal payloads in the deficon parameter. Published on 2025-02-28, it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N): medium severity overall, but with high confidentiality impact.

Exploitation requires only low privileges (PR:L), that is, any authenticated Cognos account, and is performed remotely over the network (AV:N) with low complexity and no user interaction. A successful attack yields unauthorized reads of files accessible to the Cognos service account, compromising confidentiality without affecting integrity or availability. Practical exposure therefore depends on what that account can read on the host (configuration files and stored credentials are the typical targets) and on how widely low-privileged accounts are issued.

The fix is described in the IBM security advisory at https://www.ibm.com/support/pages/node/7183676; a third-party vulnerability research write-up is available at https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340.

Details

CWE(s)

CWE-23 Relative Path Traversal

Affected Products

IBM Cognos Analytics
11.2.0 through 11.2.4 (NVD names 11.2.4 FP5 as the last affected fix pack) · 12.0.0 through 12.0.4

CVEs Like This One

CVE-2024-49352 (same product: IBM Cognos Analytics)
CVE-2025-0162 (same vendor: IBM)
CVE-2026-1567 (same vendor: IBM)
CVE-2025-13096 (same vendor: IBM)
CVE-2024-41771 (same vendor: IBM)
CVE-2025-13616 (same vendor: IBM)
CVE-2025-12531 (same vendor: IBM)
CVE-2025-3320 (same vendor: IBM)
CVE-2025-3354 (same vendor: IBM)
CVE-2026-1022 (shared CWE-23)

References

IBM security advisory: https://www.ibm.com/support/pages/node/7183676
Vulnerability research write-up: https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-56340