
CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 Jan 2022 — IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190847 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 Jan 2022 — IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190843 • CWE-863: Incorrect Authorization

CVSS: 8.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 Jan 2022 — IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190839 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 8.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 Jan 2022 — IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190838 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 8.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Nov 2020 — A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186625