Lucene search

IbmCVELIST:CVE-2020-4685

HistoryNov 10, 2020 - 12:00 a.m.

CVE-2020-4685

2020-11-1000:00:00

ibm

www.cve.org

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.

CNA Affected

[
  {
    "product": "Cognos Controller",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.4.1"
      },
      {
        "status": "affected",
        "version": "10.4.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/186625

www.ibm.com/support/pages/node/6339995

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for CVELIST:CVE-2020-4685