Lucene search
K
IbmController

21 matches found

CVE
CVE
added 2025/03/26 1:51 p.m.94 views

CVE-2022-39163

CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...

4.7CVSS5.8AI score0.00186EPSS
CVE
CVE
added 2025/01/07 3:57 p.m.82 views

CVE-2024-28778

CVE-2024-28778 affects IBM Controller 11.1.0 and IBM Cognos Controller 11.0.0–11.0.1. The issue is exposure of Artifactory API keys, enabling users to publish code to private packages or repositories under the organization’s name. IBM’s integration bulletin lists CVSS 3.1 base score 6.5 (Network,...

6.5CVSS6.8AI score0.0049EPSS
CVE
CVE
added 2025/05/27 1:5 a.m.66 views

CVE-2025-33079

Summary of CVE-2025-33079 (IBM Controller information disclosure) Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1). Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...

6.5CVSS6.3AI score0.00266EPSS
CVE
CVE
added 2025/01/07 4:2 p.m.61 views

CVE-2024-40702

IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0 are affected by CVE-2024-40702 due to improper certificate validation, enabling an unauthorized user to obtain valid tokens and access protected resources (CVSS v3.1 base score 8.2). Remediation per the IBM security bulletin: IBM Contr...

8.2CVSS6.9AI score0.0025EPSS
CVE
CVE
added 2025/01/07 4:4 p.m.60 views

CVE-2021-20455

CVE-2021-20455 affects IBM Cognos Controller (11.0.0–11.0.1) and IBM Controller (11.1.0). The issue is information disclosure via detailed technical error messages returned in the browser, enabling a remote attacker to obtain sensitive information that could be leveraged in further attacks. Conne...

3.7CVSS6.2AI score0.00461EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.58 views

CVE-2022-22363

Summary: CVE-2022-22363 affects IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0, where a remote attacker could obtain sensitive information via detailed browser error messages. Root cause: exposure of detailed error information in the web interface. Impact (as described): informatio...

4.3CVSS6.2AI score0.00771EPSS
CVE
CVE
added 2025/03/01 2:22 p.m.57 views

CVE-2024-41778

CVE-2024-41778 affects IBM Controller 11.0.0–11.0.1 and 11.1.0, where default weak password requirements may allow attackers to compromise user accounts. Connected sources corroborate weak password handling across the affected versions. The IBM Security Bulletin lists remediation by upgrading to ...

6.5CVSS6.7AI score0.00251EPSS
CVE
CVE
added 2025/02/19 2:50 p.m.57 views

CVE-2024-52902

IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0 contain hard-coded database passwords in the client application, enabling unauthorized access if exploited. Remediation: upgrade Cognos Controller to 11.0.1 FP4 and Controller to 11.1.0.1 (cloud deploys have corresponding updates)....

8.8CVSS8.6AI score0.00335EPSS
CVE
CVE
added 2025/01/07 3:51 p.m.56 views

CVE-2024-25037

CVE-2024-25037 affects IBM Cognos Controller (11.0.0–11.0.1) and IBM Controller (11.1.0). The issue allows a remote attacker to obtain sensitive information when a stack trace is returned in the browser, due to exposure in error reporting. Impact is described as information disclosure (CVSS 3.1/3...

4.3CVSS6.3AI score0.00541EPSS
CVE
CVE
added 2025/02/19 4:4 p.m.53 views

CVE-2024-28777

CVE-2024-28777 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. It is caused by unrestricted deserialization of types in the application, enabling arbitrary code execution, privilege escalation, or denial of service. IBM’s security bulletin lists related fixes: Cognos Co...

8.8CVSS8.9AI score0.00558EPSS
CVE
CVE
added 2025/02/19 3:39 p.m.53 views

CVE-2024-28780

CVE-2024-28780 affects IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0) where weaker cryptographic algorithms could allow decryption of highly sensitive information. The IBM security bulletin identifies this under a set of vulnerabilities (tied to decrypting data) and lists r...

5.9CVSS5.6AI score0.00186EPSS
CVE
CVE
added 2025/02/19 4:20 p.m.52 views

CVE-2023-47160

CVE-2023-47160 affects IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0). The vulnerability is an XML External Entity Injection (XXE) when processing XML data, potentially exposing sensitive information or enabling resource consumption. IBM’s security bulletin lists remediatio...

8.2CVSS8.2AI score0.00477EPSS
CVE
CVE
added 2025/02/19 4:2 p.m.52 views

CVE-2024-28776

Affected products: IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0). Issue: cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure in a trusted session. Root cause: XSS vulnerability in the web applica...

5.4CVSS5.3AI score0.00206EPSS
CVE
CVE
added 2025/02/19 3:37 p.m.48 views

CVE-2024-45081

CVE-2024-45081 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. The issue is an incorrect authorization check that could allow an authenticated user to modify restricted content. CVSSv3.1 base score is 6.5 (Medium) with network attack, low privileges required, no user in...

6.5CVSS6.3AI score0.00252EPSS
CVE
CVE
added 2025/02/19 3:24 p.m.46 views

CVE-2024-45084

CVE-2024-45084 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. An authenticated attacker could perform formula injection due to improper validation of file contents, potentially allowing arbitrary command execution on the system. Connected sources detail the affected pr...

8CVSS8.2AI score0.00375EPSS
CVE
CVE
added 2025/09/26 2:20 p.m.25 views

CVE-2025-36326

CVE-2025-36326 affects IBM Cognos Controller 11.0.0–11.0.1 FP6 and IBM Controller 11.1.0–11.1.1. The issue arises from hardcoded cryptographic keys used to sign session cookies, enabling potential disclosure of sensitive information. The IBM security bulletin lists remediation: upgrade to IBM Cog...

7.5CVSS6AI score0.00213EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.21 views

CVE-2026-5065

CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...

8.8CVSS5.8AI score0.0019EPSS
CVE
CVE
added 2025/12/08 9:22 p.m.15 views

CVE-2025-36015

The CVE-2025-36015 entry affects IBM Controller (11.1.0–11.1.1) and IBM Cognos Controller (11.0.0–11.0.1 FP6). The vulnerability is caused by improper validation of a specified quantity size input, enabling an authenticated user to trigger a denial of service (availability impact: HIGH) without i...

6.5CVSS6AI score0.00245EPSS
CVE
CVE
added 2025/12/08 9:28 p.m.11 views

CVE-2025-33111

CVE-2025-33111 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue is a race condition where temporary files are created without atomic operations, potentially exposing sensitive information to an authenticated user. Remediation per IBM security bulletin: u...

4.3CVSS5.8AI score0.00184EPSS
CVE
CVE
added 2025/12/08 9:37 p.m.11 views

CVE-2025-36017

The CVE-2025-36017 issue affects IBM Controller (11.1.0–11.1.1) and IBM Cognos Controller (11.0.0–11.0.1 FP6), where unencrypted sensitive information is stored in environment variable files that an authenticated user can access. Red Hat and other feeds corroborate this description, noting the sa...

6.5CVSS5.9AI score0.00228EPSS
CVE
CVE
added 2025/12/08 9:30 p.m.11 views

CVE-2025-36102

CVE-2025-36102 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue arises from client-side enforcement of server-side security, allowing a privileged user to bypass validation by passing user input into the application as trusted data. Impact described acro...

2.7CVSS6.2AI score0.0019EPSS