Cognos Controller Security Vulnerabilities and Issues — Cognos Controller CVE List

Lucene search

IbmCognos Controller

10 matches found

CVE•added 2019/11/09 2:15 a.m.•142 views

CVE-2019-4411

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

4.3CVSS4.5AI score0.00222EPSS

CVE•added 2019/09/17 7:15 p.m.•81 views

CVE-2019-4171

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

4.3CVSS4.5AI score0.00103EPSS

CVE•added 2025/03/26 2:15 p.m.•73 views

CVE-2022-39163

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.

4.7CVSS5.8AI score0.00035EPSS

CVE•added 2024/05/03 5:15 p.m.•66 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insec...

4.3CVSS5.9AI score0.00063EPSS

CVE•added 2024/12/03 6:15 p.m.•63 views

CVE-2024-45676

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

4.3CVSS4.5AI score0.00024EPSS

CVE•added 2019/06/17 3:15 p.m.•46 views

CVE-2019-4177

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.

4CVSS4.4AI score0.00046EPSS

CVE•added 2024/12/03 5:15 p.m.•44 views

CVE-2024-25036

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

4.3CVSS4.5AI score0.00031EPSS

CVE•added 2019/06/17 3:15 p.m.•41 views

CVE-2019-4174

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.

4CVSS4.4AI score0.00046EPSS

CVE•added 2025/01/07 4:15 p.m.•40 views

CVE-2022-22363

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

4.3CVSS6.2AI score0.0004EPSS

CVE•added 2025/01/07 4:15 p.m.•39 views

CVE-2024-25037

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.

4.3CVSS6.3AI score0.0004EPSS