Cognos Controller Security Vulnerabilities and Issues — Cognos Controller CVE List

Lucene search

IbmCognos Controller

12 matches found

CVE•added 2019/11/09 2:15 a.m.•164 views

CVE-2019-4412

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.

5.3CVSS5AI score0.00284EPSS

CVE•added 2024/12/03 5:15 p.m.•55 views

CVE-2024-25035

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.

5.3CVSS5.1AI score0.00051EPSS

CVE•added 2024/05/03 6:15 p.m.•52 views

CVE-2023-23474

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

5.3CVSS5.9AI score0.00035EPSS

CVE•added 2024/05/03 6:15 p.m.•49 views

CVE-2023-28952

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

5.3CVSS6.5AI score0.0007EPSS

CVE•added 2019/06/17 3:15 p.m.•43 views

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.

5.3CVSS6.3AI score0.00089EPSS

CVE•added 2024/12/03 5:15 p.m.•43 views

CVE-2021-29892

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

5.9CVSS5.5AI score0.00024EPSS

CVE•added 2025/03/01 3:15 p.m.•43 views

CVE-2024-41778

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

5.3CVSS6.7AI score0.00045EPSS

CVE•added 2019/06/17 3:15 p.m.•42 views

CVE-2019-4136

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. I...

5.4CVSS5.6AI score0.00208EPSS

CVE•added 2024/05/03 7:15 p.m.•41 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary ...

5.3CVSS6.6AI score0.00028EPSS

CVE•added 2024/05/03 6:15 p.m.•40 views

CVE-2021-20556

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

5.3CVSS6.4AI score0.0005EPSS

CVE•added 2025/02/19 4:15 p.m.•39 views

CVE-2024-28780

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.9CVSS5.6AI score0.00016EPSS

CVE•added 2025/02/19 4:15 p.m.•38 views

CVE-2024-28776

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

5.4CVSS5.3AI score0.0002EPSS