North Korean APT Kimsuky aka Black Banshee – Active IOCs

September 23, 2024

CoinMiner Malware – Active IOCs

September 24, 2024

CVE-2024-40703 – IBM Cognos Analytics Vulnerability

September 23, 2024

Severity

Medium

Analysis Summary

CVE-2024-40703

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2024-40703

Affected Vendors

IBM

Affected Products

IBM Cognos Analytics 11.2.1
IBM Cognos Analytics 11.2.4
IBM Cognos Analytics 12.0.0
IBM Cognos Analytics 11.2.0
IBM Cognos Analytics 11.2.3
IBM Cognos Analytics 11.2.2
IBM Cognos Analytics 12.0.1
IBM Cognos Analytics 12.0.2

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

IBM Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

DslogdRAT Deployed via Ivanti Connect Secure Exploit – Active IOCs

SAP NetWeaver Zero-Day Enables Webshell Deployment – Active IOCs

CVE-2025-31324 – SAP NetWeaver Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us