{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-28778","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-03-10T12:23:11.490Z","datePublished":"2025-01-07T15:57:13.969Z","dateUpdated":"2025-01-07T16:47:18.576Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Controller","vendor":"IBM","versions":[{"status":"affected","version":"11.1.0"}]},{"cpes":["cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Cognos Controller","vendor":"IBM","versions":[{"lessThanOrEqual":"11.0.1","status":"affected","version":"11.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization."}],"value":"IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"CWE-798 Use of Hard-coded Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-01-07T15:57:13.969Z"},"references":[{"url":"https://www.ibm.com/support/pages/node/7179163"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cognos Controller information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-07T16:47:08.512733Z","id":"CVE-2024-28778","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-07T16:47:18.576Z"}}]}}