CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4175
https://notcve.org/view.php?id=CVE-2019-4175
17 Sep 2019 — IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. IBM Cognos Controller versiones 10.3.0, 10.3.1, 10.4.0 y 10.4.1, usa algoritmos criptográficos más débiles de los esperados que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 158880. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158880 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4171
https://notcve.org/view.php?id=CVE-2019-4171
17 Sep 2019 — IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. IBM Cognos Controller versiones 10.3.0, 10.3.1, 10.4.0 y 10.4.1, no establece el atributo seguro en tokens de autorización o cookies de sesión. Esto podría permitir a un atacante obtener información confidencial usando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158876 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4177
https://notcve.org/view.php?id=CVE-2019-4177
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882. Las versiones 10.2.0, 10.2.1, 10.3.0, 10.3.1 y 10.4.0 de IBM Cognos Controller permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID:158882. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4176
https://notcve.org/view.php?id=CVE-2019-4176
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881. IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1 y 10.4.0 podría permitir que un atacante remoto omita las restricciones de seguridad, debido a un error relacionado con métodos HTTP inseguros. Un atacante podría aprovechar esta ... • http://www.ibm.com/support/docview.wss?uid=ibm10886913 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4174
https://notcve.org/view.php?id=CVE-2019-4174
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879. Las versiones 10.2.0, 10.2.1, 10.3.0, 10.3.1 y 10.4.0 de IBM Cognos Controller permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 158879. • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4173
https://notcve.org/view.php?id=CVE-2019-4173
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878. IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1 y 10.4.0 podría permitirle a un atacante remoto obtener información confidencial, c... • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4136
https://notcve.org/view.php?id=CVE-2019-4136
17 Jun 2019 — IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332. Las versiones 10.2.0, 10.2.1, 10.3.0, 10.3.1 y 10.4.0 de IBM Cognos Controller son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaSc... • http://www.ibm.com/support/docview.wss?uid=ibm10886913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1775
https://notcve.org/view.php?id=CVE-2018-1775
27 Feb 2019 — IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. Los productos de IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize y IBM FlashSystem, en sus versiones desde la 7.5 hasta la 8.2, podrían permitir a un atacante autenticado descargar archivos arbitrarios desde el sistema operativo. IBM X-Force ID: 148757. • http://www.securityfocus.com/bid/107187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 1CVE-2018-1463 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1463
14 May 2018 — IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.... • https://packetstorm.news/files/id/147601 • CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 0%CPEs: 46EXPL: 1CVE-2018-1462 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1462
14 May 2018 — IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7... • https://packetstorm.news/files/id/147601 • CWE-863: Incorrect Authorization •