CPE-9AA613D7-1FC8-4FF0-A77B-6FCFCCA05E29 Detail

CPE Details

IBM Cognos Controller 10.3.0

Vendor

ibm

Product

cognos_controller

Version

10.3.0

Created

2019-12-09
15h00 +00:00

Modified

2019-12-09
15h00 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:ibm:cognos_controller:10.3.0:::::::*

Informations

Vendor

ibm

Product

cognos_controller

Version

10.3.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2020-4685	2020-11-11 12h55 +00:00	A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.	7.2	High
CVE-2019-4412	2019-11-09 01h41 +00:00	IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.	5.3	Medium
CVE-2019-4411	2019-11-09 01h41 +00:00	IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.	4.3	Medium
CVE-2019-4171	2019-09-17 19h05 +00:00	IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.	3.7	Low
CVE-2019-4177	2019-06-17 15h10 +00:00	IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.	3.3	Low
CVE-2019-4176	2019-06-17 15h10 +00:00	IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.	5.3	Medium
CVE-2019-4174	2019-06-17 15h10 +00:00	IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.	3.3	Low
CVE-2019-4173	2019-06-17 15h10 +00:00	IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.	6.5	Medium
CVE-2019-4136	2019-06-17 15h10 +00:00	IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.	5.4	Medium

IBM Cognos Controller 10.3.0

CPE Details

CPE Name: cpe:2.3:a:ibm:cognos_controller:10.3.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:ibm:cognos_controller:10.3.0:::::::*