CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38707 – IBM Cognos Command Center information disclosure
https://notcve.org/view.php?id=CVE-2022-38707
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234179 https://www.ibm.com/support/pages/node/6983274 • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4000
https://notcve.org/view.php?id=CVE-2013-4000
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. Múltiple vulnerabilidades CSRF (cross-site request forgery) en IBM Cognos Command Center anterior a 10.2 que permite a atacantes remotos secuestrar la autenticación de los administradores para las peticiones que (1) se inician o (2) se detienen servicios. • http://www-01.ibm.com/support/docview.wss?uid=swg21657932 https://exchange.xforce.ibmcloud.com/vulnerabilities/85150 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4001
https://notcve.org/view.php?id=CVE-2013-4001
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. Vulnerabilidad de fijación de sesión en IBM Cognos Command Center anterior a la versión 10.2 permite a atacantes remotos secuestrar sesiones web a través de una cookie de autorización. • http://www-01.ibm.com/support/docview.wss?uid=swg21657932 https://exchange.xforce.ibmcloud.com/vulnerabilities/85151 • CWE-287: Improper Authentication •