Ibm

Cognos Controller

53 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-22364

  • EPSS 0.03%
  • Veröffentlicht 03.05.2024 19:15:07
  • Zuletzt bearbeitet 07.01.2025 20:16:36

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform serve...

7.2

CVE-2021-20451

  • EPSS 0.07%
  • Veröffentlicht 03.05.2024 19:15:07
  • Zuletzt bearbeitet 07.01.2025 19:25:37

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X...

7.5

CVE-2023-40696

  • EPSS 0.05%
  • Veröffentlicht 03.05.2024 18:15:09
  • Zuletzt bearbeitet 07.01.2025 19:14:51

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.

9.8

CVE-2023-38724

  • EPSS 0.13%
  • Veröffentlicht 03.05.2024 18:15:08
  • Zuletzt bearbeitet 14.01.2025 20:16:26

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X...

5.3

CVE-2023-28952

  • EPSS 0.07%
  • Veröffentlicht 03.05.2024 18:15:08
  • Zuletzt bearbeitet 07.01.2025 19:19:12

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

5.3

CVE-2023-23474

  • EPSS 0.05%
  • Veröffentlicht 03.05.2024 18:15:08
  • Zuletzt bearbeitet 07.01.2025 19:14:04

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

5.3

CVE-2021-20556

  • EPSS 0.07%
  • Veröffentlicht 03.05.2024 18:15:07
  • Zuletzt bearbeitet 07.01.2025 18:20:08

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

4.3

CVE-2021-20450

  • EPSS 0.09%
  • Veröffentlicht 03.05.2024 17:15:07
  • Zuletzt bearbeitet 18.06.2025 15:21:00

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the u...

7.5

CVE-2020-4874

  • EPSS 0.05%
  • Veröffentlicht 03.05.2024 17:15:07
  • Zuletzt bearbeitet 07.01.2025 18:18:25

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

9.8

CVE-2020-4879

  • EPSS 0.91%
  • Veröffentlicht 21.01.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:33:21

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.