CVE-2024-28777

8.8 HIGH

📋 TL;DR

IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that allows authenticated users to execute arbitrary code, escalate privileges, or cause a denial of service. This affects IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 and IBM Controller version 11.1.0.

💻 Affected Systems

Products:
  • IBM Cognos Controller
  • IBM Controller
Versions: IBM Cognos Controller 11.0.0 through 11.0.1 FP3, IBM Controller 11.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations within affected version ranges are vulnerable. Requires authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with remote code execution leading to data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Privilege escalation allowing unauthorized access to sensitive financial data and system manipulation.

🟢 If Mitigated

Limited impact with proper network segmentation and strict access controls preventing exploitation.

🌐 Internet-Facing: HIGH if exposed to internet without proper controls due to authenticated exploitation potential.
🏢 Internal Only: HIGH due to authenticated user exploitation potential and critical nature of financial controller systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access. Exploitation involves crafting malicious serialized objects to trigger deserialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM Cognos Controller 11.0.1 FP4 or later, IBM Controller 11.1.1 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7183597

Restart Required: No

Instructions:

1. Download the appropriate fix pack from IBM Fix Central.
2. Apply the fix pack following IBM's installation instructions.
3. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to IBM Controller systems to only trusted users and applications.

Least Privilege Access (applies to: all)

Implement strict access controls and limit user permissions to the minimum required for business functions.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to IBM Controller systems
  • Apply application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check IBM Controller version via administrative console or version files. Compare against affected versions.

Check Version:

Check version in IBM Controller administrative interface or consult installation documentation.

Verify Fix Applied:

Verify installed version is IBM Cognos Controller 11.0.1 FP4+ or IBM Controller 11.1.1+.
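A version-range check for the affected and fixed builds listed on this page, added here as an example (not IBM's own tooling). It assumes the administrative console reports versions in the same "major.minor.patch" or "major.minor.patch FPn" form used on this page, and treats IBM Controller as affected from 11.1.0 up to but not including the 11.1.1 fix.

```python
import re
from typing import Tuple

# Version strings as they appear on this page, e.g. "11.0.1 FP3" (assumption:
# the admin console reports the same "major.minor.patch [FPn]" form).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*FP\s*(\d+))?\s*$", re.IGNORECASE)

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn '11.0.1 FP3' into (11, 0, 1, 3); a missing FP counts as FP0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, fp = m.groups()
    return (int(major), int(minor), int(patch), int(fp or 0))


# Affected ranges for CVE-2024-28777 as stated on this page: inclusive lower
# bound, exclusive upper bound (the upper bound is the first fixed build).
AFFECTED_RANGES = {
    "IBM Cognos Controller": (parse_version("11.0.0"), parse_version("11.0.1 FP4")),
    "IBM Controller": (parse_version("11.1.0"), parse_version("11.1.1")),
}


def is_affected(product: str, version_text: str) -> bool:
    """True if the installed build falls inside the affected range for the product."""
    if product not in AFFECTED_RANGES:
        raise ValueError(f"unknown product: {product!r}")
    low, fixed = AFFECTED_RANGES[product]
    return low <= parse_version(version_text) < fixed


def check(product: str, version_text: str) -> str:
    """One-line verdict suitable for an inventory report."""
    verdict = "VULNERABLE" if is_affected(product, version_text) else "not affected"
    return f"{product} {version_text.strip()}: {verdict} (CVE-2024-28777)"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for product, ver in [("IBM Cognos Controller", "11.0.1 FP3"),
                         ("IBM Cognos Controller", "11.0.1 FP4"),
                         ("IBM Controller", "11.1.0")]:
        print(check(product, ver))
```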

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors
  • Unexpected process execution
  • Authentication anomalies

Network Indicators:

  • Unusual outbound connections from IBM Controller systems
  • Suspicious serialized data patterns

SIEM Query:

source="ibm_controller" AND (event_type="deserialization_error" OR process_execution="unusual")

🔗 References
