Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Cognos Controller file upload
Vulnerability Description
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
IBM Cognos Controller 代码问题漏洞
Vulnerability Description
IBM Cognos Controller是美国国际商业机器(IBM)公司的一套商业智能与计划解决方案。该产品具有流程自动化、财务审计控制、创建和管理财务报告等功能。 IBM Cognos Controller 11.0.0版本和11.0.1版本存在代码问题漏洞,该漏洞源于对上传到记账条目附件的文件类型验证不当,允许攻击者利用此弱点上传恶意可执行文件到系统中,这些文件可以被发送给受害者以进行进一步攻击。
CVSS Information
N/A
Vulnerability Type
N/A