CVE-2024-40703

5.5 MEDIUM

📋 TL;DR

This vulnerability allows a local attacker to obtain sensitive API key information from IBM Cognos Analytics and IBM Cognos Analytics Reports for iOS. Attackers could use this information to launch further attacks against affected applications. The vulnerability affects multiple versions of IBM Cognos Analytics (11.2.0-11.2.4, 12.0.0-12.0.3) and IBM Cognos Analytics Reports for iOS 11.0.0.7.

💻 Affected Systems

Products:
  • IBM Cognos Analytics
  • IBM Cognos Analytics Reports for iOS
Versions: IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3; IBM Cognos Analytics Reports for iOS 11.0.0.7
Operating Systems: All supported platforms for affected versions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both on-premises and cloud deployments of the specified versions. Local attacker access required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker obtains API keys and uses them to gain unauthorized access to Cognos Analytics systems, potentially compromising sensitive business intelligence data and system integrity.

🟠 Likely Case

Local attackers with access to the system can extract API keys, potentially enabling unauthorized API calls or further credential harvesting attacks.

🟢 If Mitigated

With proper access controls and network segmentation, the impact is limited to local information disclosure without enabling broader system compromise.

🌐 Internet-Facing: LOW - This is a local attack requiring attacker access to the system, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this to obtain credentials for further attacks within the environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. No public exploit code has been identified as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM Cognos Analytics 11.2.4 FP1, 12.0.3 FP1, and later versions

Vendor Advisory: https://www.ibm.com/support/pages/node/7160700

Restart Required: Yes

Instructions:

1. Review the IBM Security Bulletin.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix pack following IBM installation documentation.
4. Restart Cognos services.
5. Verify the installation.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit local system access to trusted administrators only to reduce attack surface.

API Key Rotation (applies to: all)

Rotate API keys regularly to limit exposure window if keys are compromised.

🧯 If You Can't Patch

  • Implement strict access controls to limit local system access to essential personnel only
  • Monitor for unusual API activity and implement network segmentation to limit lateral movement

🔍 How to Verify

Check if Vulnerable:

Check installed version of IBM Cognos Analytics via Administration Console or by examining installation directory version files.

Check Version:

Check Cognos Configuration or the Administration Console for version information, or examine /opt/ibm/cognos/analytics/version.txt on Linux systems.

Verify Fix Applied:

Verify installed version is 11.2.4 FP1, 12.0.3 FP1, or later. Check IBM fix installation logs for successful application.
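A version check implementing the verification steps above, added here as an example (it is not IBM's code and not part of the advisory); it assumes version strings in the form "11.2.4 FP1" as read from the Administration Console or version file, and encodes the affected and fixed versions exactly as this card lists them.

```python
import re

# Affected versions of IBM Cognos Analytics as listed in this advisory card.
AFFECTED_CA = {"11.2.0", "11.2.1", "11.2.2", "11.2.3", "11.2.4",
               "12.0.0", "12.0.1", "12.0.2", "12.0.3"}
# First fixed build per release line, from the "Patch Version" entry above
# (major, minor, patch, fixpack).
FIXED_CA = {"11.2": (11, 2, 4, 1), "12.0": (12, 0, 3, 1)}
# Affected version of IBM Cognos Analytics Reports for iOS (exact match only).
AFFECTED_IOS = {"11.0.0.7"}


def parse_version(text):
    """Parse '11.2.4 FP1', '11.2.4' or '12.0.3FP1' into a comparable tuple.

    Assumption: a missing fix pack suffix means fix pack 0 (base release).
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\s*FP(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised Cognos version string: {text!r}")
    major, minor, patch, fp = m.groups()
    return (int(major), int(minor), int(patch), int(fp or 0))


def cognos_analytics_vulnerable(version_text):
    """True if the installed Cognos Analytics build is in the affected range
    and below the first fixed fix pack of its release line."""
    v = parse_version(version_text)
    base = f"{v[0]}.{v[1]}.{v[2]}"
    if base not in AFFECTED_CA:
        return False  # release not listed as affected (e.g. 11.2.5, 12.0.4, 11.1.x)
    return v < FIXED_CA[f"{v[0]}.{v[1]}"]


def ios_reports_vulnerable(version_text):
    """True if the iOS Reports app version is the single affected build."""
    return version_text.strip() in AFFECTED_IOS


def assess(ca_version=None, ios_version=None):
    """Summarise both products in one dict for a scan or inventory script."""
    result = {}
    if ca_version is not None:
        result["cognos_analytics"] = cognos_analytics_vulnerable(ca_version)
    if ios_version is not None:
        result["reports_for_ios"] = ios_reports_vulnerable(ios_version)
    return result


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    print(assess("11.2.4", "11.0.0.7"))      # both vulnerable
    print(assess("11.2.4 FP1", "11.0.0.8"))  # both fixed
```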

📡 Detection & Monitoring

Log Indicators:

  • Unusual local access patterns to Cognos system files
  • Multiple failed API authentication attempts
  • Unexpected API key usage patterns

Network Indicators:

  • Unusual API call patterns from unexpected sources
  • Multiple authentication failures from single source

SIEM Query:

source="cognos*" AND (event_type="authentication_failure" OR event_type="api_key_access")
