CVE-2024-56340

Severity: Medium
Published: 28 February 2025
Modified: 17 October 2025
KEV Added: no (not in the CISA KEV catalog)
Patch: available
CVSS v3.1 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1222 (94.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56340 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in IBM Cognos Analytics. Its CVSS v3.1 base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5 contain a local file inclusion vulnerability that stems from improper handling of the deficon parameter. An attacker can supply path traversal sequences in that parameter to read arbitrary files on the server. The weakness is classified as CWE-23 (Relative Path Traversal) and carries a CVSS v3.1 score of 6.5.

The flaw is exploitable by any authenticated user with network access. Because the attack requires only low privileges and no user interaction, an authenticated adversary can retrieve sensitive configuration files, credentials, or other restricted content. The impact is limited to confidentiality: the CVSS vector records no integrity or availability impact (I:N/A:N).

IBM has published remediation guidance at the referenced support page, and a public proof-of-concept is available in the linked GitHub repository. The associated EPSS score has remained flat at 0.1222 with no material increase since disclosure.

Vulnerability details

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

CWE(s)

CWE-23 Relative Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Remote LFI/path traversal in a public-facing web application directly enables T1190 (initial access through exploitation of the application) and facilitates T1005 (collection of files from the local system).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49352 (same product: IBM Cognos Analytics)
CVE-2025-0162 (same vendor: IBM)
CVE-2024-41771 (same vendor: IBM)
CVE-2026-1567 (same vendor: IBM)
CVE-2024-45652 (same vendor: IBM)
CVE-2025-13616 (same vendor: IBM)
CVE-2025-13096 (same vendor: IBM)
CVE-2025-12531 (same vendor: IBM)
CVE-2026-8633 (same vendor: IBM)
CVE-2025-0159 (same vendor: IBM)

Affected Assets

Vendor: IBM
Product: Cognos Analytics
Versions: 11.2.4, 12.0.4; ranges 11.2.0 through 11.2.4 and 12.0.0 through 12.0.4

Mitigating Controls

NIST 800-53 r5 controls (AI mapping)

SI-10 Information Input Validation (prevent)
Directly enforces input validation on the deficon parameter to reject path traversal payloads, preventing local file inclusion attacks.

SI-2 Flaw Remediation (prevent)
Requires timely patching of the specific flaw in IBM Cognos Analytics as detailed in the IBM security advisory, eliminating the vulnerability.

Access control (prevent)
Enforces access control policies to restrict low-privileged users from reading sensitive files even if path traversal partially succeeds.
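As an added illustration of the input validation control above (example code written for this page; it is not IBM's code and does not reflect the Cognos implementation): a fail-closed allow-list validator for a file-name parameter such as deficon. The icon directory, the permitted file types and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: icons are served from this fixed directory on the server.
ICON_ROOT = "/opt/app/webcontent/icons"
# Assumption: only these file types are legitimate icon files.
ALLOWED_SUFFIXES = (".png", ".gif", ".svg", ".ico")
# Allow-list: one file-name component of safe characters plus one extension.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+")


class InvalidIconParameter(ValueError):
    """Raised when the value is anything other than a plain icon file name."""


def validate_deficon(value: str, root: str = ICON_ROOT) -> str:
    """Return the absolute path of the requested icon, or raise.

    Fail-closed: percent-decode once, reject anything that is not a single
    file-name component, then confirm the normalised path is inside root.
    """
    if not isinstance(value, str) or not value:
        raise InvalidIconParameter("empty value")
    # Decode percent-encoding so an encoded separator cannot slip past the regex.
    decoded = unquote(value)
    if "\x00" in decoded:
        raise InvalidIconParameter("NUL byte in value")
    # The parameter names a file, not a path: any separator is an error.
    if "/" in decoded or "\\" in decoded:
        raise InvalidIconParameter("directory separator in value")
    if not _NAME_RE.fullmatch(decoded):
        raise InvalidIconParameter("value is not a plain file name")
    if not decoded.lower().endswith(ALLOWED_SUFFIXES):
        raise InvalidIconParameter("file type not allowed")
    # Defence in depth: the joined path must still normalise to inside root.
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if posixpath.commonpath([root, candidate]) != root:
        raise InvalidIconParameter("resolved path escapes icon root")
    return candidate


def is_safe_deficon(value: str) -> bool:
    """Boolean wrapper for use in a request filter."""
    try:
        validate_deficon(value)
    except InvalidIconParameter:
        return False
    return True
```

A double-encoded value is decoded only once, so it fails the character allow-list rather than being decoded again by a later layer.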

References