Controller Security Vulnerabilities and Issues — Controller CVE List

Lucene search

IbmController

5 matches found

CVE•added 2025/01/07 4:15 p.m.•48 views

CVE-2024-40702

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

8.2CVSS6.9AI score0.00045EPSS

CVE•added 2025/02/19 4:15 p.m.•41 views

CVE-2024-28777

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the ...

8.8CVSS8.9AI score0.00792EPSS

CVE•added 2025/02/19 5:15 p.m.•36 views

CVE-2023-47160

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

8.2CVSS8.2AI score0.00235EPSS

CVE•added 2025/02/19 3:15 p.m.•35 views

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.

8.8CVSS8.6AI score0.00081EPSS

CVE•added 2025/02/19 4:15 p.m.•34 views

CVE-2024-45084

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.

8CVSS8.2AI score0.00252EPSS