CVE-2021-20556 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-20556
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181. IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 podrían permitir que un usuario remoto enumere nombres de usuarios debido a mensajes de error diferenciadores en nombres de usuarios existentes. ID de IBM X-Force: 199181. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199181 https://www.ibm.com/support/pages/node/7149876 • CWE-204: Observable Response Discrepancy •
CVE-2023-23474 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2023-23474
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245403 https://www.ibm.com/support/pages/node/7149876 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-20450 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-20450
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640. IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 no establece el atributo seguro en los tokens de autorización ni en las cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196640 https://www.ibm.com/support/pages/node/7149876 •
CVE-2020-4874 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190837 https://www.ibm.com/support/pages/node/7149876 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-34063 – Degraded secret zeroization capabilities in vodozemac
https://notcve.org/view.php?id=CVE-2024-34063
This marginally increases the risk of sensitive data exposure. • https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9 https://github.com/matrix-org/vodozemac/security/advisories/GHSA-c3hm-hxwf-g5c6 • CWE-1188: Initialization of a Resource with an Insecure Default •