21 matches found
CVE-2022-39163
CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...
CVE-2024-28778
CVE-2024-28778 affects IBM Controller 11.1.0 and IBM Cognos Controller 11.0.0–11.0.1. The issue is exposure of Artifactory API keys, enabling users to publish code to private packages or repositories under the organization’s name. IBM’s integration bulletin lists CVSS 3.1 base score 6.5 (Network,...
CVE-2025-33079
Summary of CVE-2025-33079 (IBM Controller information disclosure) Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1). Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...
CVE-2024-40702
IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0 are affected by CVE-2024-40702 due to improper certificate validation, enabling an unauthorized user to obtain valid tokens and access protected resources (CVSS v3.1 base score 8.2). Remediation per the IBM security bulletin: IBM Contr...
CVE-2021-20455
CVE-2021-20455 affects IBM Cognos Controller (11.0.0–11.0.1) and IBM Controller (11.1.0). The issue is information disclosure via detailed technical error messages returned in the browser, enabling a remote attacker to obtain sensitive information that could be leveraged in further attacks. Conne...
CVE-2022-22363
Summary: CVE-2022-22363 affects IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0, where a remote attacker could obtain sensitive information via detailed browser error messages. Root cause: exposure of detailed error information in the web interface. Impact (as described): informatio...
CVE-2024-41778
CVE-2024-41778 affects IBM Controller 11.0.0–11.0.1 and 11.1.0, where default weak password requirements may allow attackers to compromise user accounts. Connected sources corroborate weak password handling across the affected versions. The IBM Security Bulletin lists remediation by upgrading to ...
CVE-2024-52902
IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0 contain hard-coded database passwords in the client application, enabling unauthorized access if exploited. Remediation: upgrade Cognos Controller to 11.0.1 FP4 and Controller to 11.1.0.1 (cloud deploys have corresponding updates)....
CVE-2024-25037
CVE-2024-25037 affects IBM Cognos Controller (11.0.0–11.0.1) and IBM Controller (11.1.0). The issue allows a remote attacker to obtain sensitive information when a stack trace is returned in the browser, due to exposure in error reporting. Impact is described as information disclosure (CVSS 3.1/3...
CVE-2024-28777
CVE-2024-28777 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. It is caused by unrestricted deserialization of types in the application, enabling arbitrary code execution, privilege escalation, or denial of service. IBM’s security bulletin lists related fixes: Cognos Co...
CVE-2024-28780
CVE-2024-28780 affects IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0) where weaker cryptographic algorithms could allow decryption of highly sensitive information. The IBM security bulletin identifies this under a set of vulnerabilities (tied to decrypting data) and lists r...
CVE-2023-47160
CVE-2023-47160 affects IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0). The vulnerability is an XML External Entity Injection (XXE) when processing XML data, potentially exposing sensitive information or enabling resource consumption. IBM’s security bulletin lists remediatio...
CVE-2024-28776
Affected products: IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0). Issue: cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure in a trusted session. Root cause: XSS vulnerability in the web applica...
CVE-2024-45081
CVE-2024-45081 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. The issue is an incorrect authorization check that could allow an authenticated user to modify restricted content. CVSSv3.1 base score is 6.5 (Medium) with network attack, low privileges required, no user in...
CVE-2024-45084
CVE-2024-45084 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. An authenticated attacker could perform formula injection due to improper validation of file contents, potentially allowing arbitrary command execution on the system. Connected sources detail the affected pr...
CVE-2025-36326
CVE-2025-36326 affects IBM Cognos Controller 11.0.0–11.0.1 FP6 and IBM Controller 11.1.0–11.1.1. The issue arises from hardcoded cryptographic keys used to sign session cookies, enabling potential disclosure of sensitive information. The IBM security bulletin lists remediation: upgrade to IBM Cog...
CVE-2026-5065
CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...
CVE-2025-36015
The CVE-2025-36015 entry affects IBM Controller (11.1.0–11.1.1) and IBM Cognos Controller (11.0.0–11.0.1 FP6). The vulnerability is caused by improper validation of a specified quantity size input, enabling an authenticated user to trigger a denial of service (availability impact: HIGH) without i...
CVE-2025-33111
CVE-2025-33111 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue is a race condition where temporary files are created without atomic operations, potentially exposing sensitive information to an authenticated user. Remediation per IBM security bulletin: u...
CVE-2025-36017
The CVE-2025-36017 issue affects IBM Controller (11.1.0–11.1.1) and IBM Cognos Controller (11.0.0–11.0.1 FP6), where unencrypted sensitive information is stored in environment variable files that an authenticated user can access. Red Hat and other feeds corroborate this description, noting the sa...
CVE-2025-36102
CVE-2025-36102 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue arises from client-side enforcement of server-side security, allowing a privileged user to bypass validation by passing user input into the application as trusted data. Impact described acro...