IBM Cognos Controller

9 matches found

CVE, added 2025/01/07 4:15 p.m., 48 views

CVE-2024-40702

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

CVSS 8.2, AI score 6.9, EPSS 0.00036

CVE, added 2024/05/03 7:15 p.m., 43 views

CVE-2023-40695

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.

CVSS 8.8, AI score 6.1, EPSS 0.00027

CVE, added 2022/01/21 6:15 p.m., 41 views

CVE-2020-4876

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

CVSS 8.2, AI score 8, EPSS 0.0037

CVE, added 2025/02/19 4:15 p.m., 40 views

CVE-2024-28777

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the ...

CVSS 8.8, AI score 8.9, EPSS 0.00535

CVE, added 2020/11/11 1:15 p.m., 37 views

CVE-2020-4685

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Control...

CVSS 8, AI score 7, EPSS 0.00522

CVE, added 2025/02/19 5:15 p.m., 34 views

CVE-2023-47160

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS 8.2, AI score 8.2, EPSS 0.00198

CVE, added 2025/02/19 3:15 p.m., 34 views

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.

CVSS 8.8, AI score 8.6, EPSS 0.00064

CVE, added 2025/02/19 4:15 p.m., 33 views

CVE-2024-45084

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

CVSS 8, AI score 8.2, EPSS 0.0017

CVE, added 2022/01/21 6:15 p.m., 31 views

CVE-2020-4875

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.

CVSS 8.2, AI score 8, EPSS 0.0037