Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center

Summary Multiple vulnerabilities were addressed in IBM Cognos Command Center 10.2.5 FP1 IF3 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a hang or...

CVE-2025-1494

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

CVE-2025-1994

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function...

CVE-2025-2697

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

IBM Cognos Command Center Redirection Vulnerability

IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A redirection vulnerability exists in IBM Cognos...

IBM Cognos Command Center Clickjacking Vulnerability

IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A clickjacking vulnerability exists in IBM Cognos...

IBM Cognos Command Center Code Execution Vulnerability

IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A code execution vulnerability exists in IBM Cognos...

Vulnerabilities fixed in IBM Cognos Command Center

IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...

CVE-2025-2697

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

CVE-2025-1994

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function...

IBM Cognos Command Center 安全漏洞

IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A code execution vulnerability exists in IBM Cognos...

CVE-2024-31899

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device...

IBM Cognos Command Center 信息泄露漏洞

IBM Cognos Command Center is a software product from International Business Machines IBM that helps organizations manage and monitor their IBM Cognos Business Intelligence solutions. An information disclosure vulnerability exists in IBM Cognos Command Center that stems from disclosing details of...

Vulnerabilities fixed in IBM Cognos Command Center

Several vulnerabilities have been fixed in IBM Cognos Command Center. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user privileg...