Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-03 | CVE-2023-40695 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2024-05-03 | CVE-2021-20556 | Information Exposure Through Discrepancy vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. | 5.3 |
| 2024-05-03 | CVE-2023-23474 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | 5.3 |
| 2024-05-03 | CVE-2023-28952 | Improper Encoding or Escaping of Output vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. | 5.3 |
| 2024-05-03 | CVE-2023-38724 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. | 9.8 |
| 2024-05-03 | CVE-2023-40696 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-05-03 | CVE-2020-4874 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-05-03 | CVE-2023-37407 | Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2024-04-25 | CVE-2024-25026 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2024-04-19 | CVE-2022-40745 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. | 5.5 |