Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Cognos Controller  >> 11.0.0  Security Vulnerabilities
CVE-2023-40695
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-05-03
CVE-2023-40696
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-05-03
CVE-2023-23474
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.
CVSS Score
3.7
EPSS Score
0.0
Published
2024-05-03
CVE-2023-28952
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-03
CVE-2023-38724
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-05-03
CVE-2021-20556
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-03
CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-05-03
CVE-2021-20450
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved