Ibm

Cognos Controller

49 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-28952

  • EPSS 0.07%
  • Published 03.05.2024 18:15:08
  • Last modified 07.01.2025 19:19:12

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

5.3

CVE-2023-23474

  • EPSS 0.05%
  • Published 03.05.2024 18:15:08
  • Last modified 07.01.2025 19:14:04

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

5.3

CVE-2021-20556

  • EPSS 0.07%
  • Published 03.05.2024 18:15:07
  • Last modified 07.01.2025 18:20:08

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

4.3

CVE-2021-20450

  • EPSS 0.09%
  • Published 03.05.2024 17:15:07
  • Last modified 18.06.2025 15:21:00

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the u...

7.5

CVE-2020-4874

  • EPSS 0.05%
  • Published 03.05.2024 17:15:07
  • Last modified 07.01.2025 18:18:25

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

9.8

CVE-2020-4877

  • EPSS 0.35%
  • Published 21.01.2022 18:15:08
  • Last modified 21.11.2024 05:33:21

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

8.2

CVE-2020-4875

  • EPSS 0.37%
  • Published 21.01.2022 18:15:08
  • Last modified 21.11.2024 05:33:21

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. ...

8.2

CVE-2020-4876

  • EPSS 0.37%
  • Published 21.01.2022 18:15:08
  • Last modified 21.11.2024 05:33:21

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. ...

9.8

CVE-2020-4879

  • EPSS 0.91%
  • Published 21.01.2022 18:15:08
  • Last modified 21.11.2024 05:33:21

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

7.2

CVE-2020-4685

  • EPSS 0.52%
  • Published 11.11.2020 13:15:14
  • Last modified 21.11.2024 05:33:07

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/...