
CVE-2019-4176
https://notcve.org/view.php?id=CVE-2019-4176
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 •

CVE-2019-4174
https://notcve.org/view.php?id=CVE-2019-4174
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-269: Improper Privilege Management •

CVE-2019-4173
https://notcve.org/view.php?id=CVE-2019-4173
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2019-4136
https://notcve.org/view.php?id=CVE-2019-4136
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •