Cognos Controller@10.4.1 Security Vulnerabilities and Issues — Cognos Controller@10.4.1 CVE List

Lucene search

IbmCognos Controller10.4.1

19 matches found

CVE•added 2019/11/09 2:15 a.m.•164 views

CVE-2019-4412

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.

5.3CVSS5AI score0.00284EPSS

CVE•added 2019/11/09 2:15 a.m.•142 views

CVE-2019-4411

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

4.3CVSS4.5AI score0.00222EPSS

CVE•added 2019/09/17 7:15 p.m.•81 views

CVE-2019-4171

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

4.3CVSS4.5AI score0.00103EPSS

CVE•added 2019/09/17 7:15 p.m.•70 views

CVE-2019-4175

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2024/05/03 5:15 p.m.•66 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insec...

4.3CVSS5.9AI score0.00063EPSS

CVE•added 2024/05/03 6:15 p.m.•52 views

CVE-2023-23474

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

5.3CVSS5.9AI score0.00035EPSS

CVE•added 2024/05/03 6:15 p.m.•49 views

CVE-2023-28952

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

5.3CVSS6.5AI score0.0007EPSS

CVE•added 2024/05/03 6:15 p.m.•46 views

CVE-2023-38724

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.

9.8CVSS7.2AI score0.00098EPSS

CVE•added 2024/05/03 6:15 p.m.•45 views

CVE-2023-40696

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.

7.5CVSS6.2AI score0.00034EPSS

CVE•added 2024/05/03 7:15 p.m.•43 views

CVE-2023-40695

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.

8.8CVSS6.1AI score0.00027EPSS

CVE•added 2024/05/03 5:15 p.m.•42 views

CVE-2020-4874

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

7.5CVSS6.2AI score0.00038EPSS

CVE•added 2022/01/21 6:15 p.m.•41 views

CVE-2020-4876

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

8.2CVSS8AI score0.0037EPSS

CVE•added 2024/05/03 7:15 p.m.•41 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary ...

5.3CVSS6.6AI score0.00028EPSS

CVE•added 2024/05/03 7:15 p.m.•40 views

CVE-2021-20451

7.2CVSS7.2AI score0.00053EPSS

CVE•added 2024/05/03 6:15 p.m.•40 views

CVE-2021-20556

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

5.3CVSS6.4AI score0.0005EPSS

CVE•added 2020/11/11 1:15 p.m.•37 views

CVE-2020-4685

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Control...

8CVSS7AI score0.00522EPSS

CVE•added 2022/01/21 6:15 p.m.•33 views

CVE-2020-4877

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

9.8CVSS8.8AI score0.00354EPSS

CVE•added 2022/01/21 6:15 p.m.•33 views

CVE-2020-4879

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

9.8CVSS9.1AI score0.00907EPSS

CVE•added 2022/01/21 6:15 p.m.•31 views

CVE-2020-4875

8.2CVSS8AI score0.0037EPSS