Vulnerabilities > IBM > Cognos Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2020-4875 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2022-01-21 | CVE-2020-4876 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2022-01-21 | CVE-2020-4877 | Incorrect Authorization vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. | 7.5 |
| 2022-01-21 | CVE-2020-4879 | Improper Authentication vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. | 7.5 |
| 2020-11-11 | CVE-2020-4685 | Improper Privilege Management vulnerability in IBM Cognos Controller A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. | 6.5 |
| 2019-11-09 | CVE-2019-4412 | Information Exposure vulnerability in IBM Cognos Controller IBM Cognos Controller stores sensitive information in URL parameters. | 5.0 |
| 2019-11-09 | CVE-2019-4411 | Use of Insufficiently Random Values vulnerability in IBM Cognos Controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. | 4.0 |
| 2019-09-17 | CVE-2019-4175 | Inadequate Encryption Strength vulnerability in IBM Cognos Controller 10.4.0/10.4.1 IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-09-17 | CVE-2019-4171 | Missing Encryption of Sensitive Data vulnerability in IBM Cognos Controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2019-06-17 | CVE-2019-4177 | Improper Privilege Management vulnerability in IBM Cognos Controller IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |