Vulnerabilities > CVE-2020-4561 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ibm
netapp
CWE-829

Summary

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

Vulnerable Configurations

Part Description Count
Application
Ibm
2
Application
Netapp
1