Cyber Posture

CVE-2024-41739

Severity: High
Published: 24 January 2025
Modified: 14 August 2025
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (50.2nd percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.

Security Summary

CVE-2024-41739 is a vulnerability in IBM Cognos Dashboards versions 4.0.7 and 5.0.0 on Cloud Pak for Data, stemming from dependency confusion (CWE-427). This issue could allow a remote attacker to perform unauthorized actions. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity: the vulnerability is reachable over the network, has low attack complexity, requires no privileges, and has high impact on confidentiality, integrity, and availability, although it does require user interaction.

A remote attacker without privileges can exploit this over the network with low complexity, though it requires user interaction such as clicking a malicious link or opening a file. Successful exploitation enables the attacker to perform unauthorized actions, potentially compromising the affected Cognos Dashboards instance.

IBM has published a security advisory with details on the vulnerability and recommended mitigations at https://www.ibm.com/support/pages/node/7177766. Security practitioners should consult this page for patching instructions and workarounds specific to Cloud Pak for Data environments.

Details

CWE(s): CWE-427 (Uncontrolled Search Path Element)

Affected Products

Vendor: ibm
Product: cognos dashboards on cloud pak for data
Versions: 4.8.0, 5.0.0

References