IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2024-40695) and an Expression Language (EL) Injection which could allow a remote attacker to exploit to expose sensitive information and consume resources (CVE-2024-51466).
https://www.ibm.com/support/pages/secur ... 2024-51466