cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-22363,https://securityvulnerability.io/vulnerability/CVE-2022-22363,Sensitive Information Disclosure in IBM Cognos Controller and IBM Controller,"IBM Cognos Controller and IBM Controller are vulnerable to a sensitive information disclosure issue that allows remote attackers to access confidential data. This occurs when detailed technical error messages are returned to the user, potentially revealing critical system information. Such disclosures can be leveraged by attackers to exploit additional vulnerabilities within the affected systems, heightening security risks.",IBM,"Controller,Cognos Controller",4.3,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-07T16:07:00.578Z,0
CVE-2021-20455,https://securityvulnerability.io/vulnerability/CVE-2021-20455,Information Disclosure Vulnerability in IBM Cognos Controller,"A potential information disclosure vulnerability exists in IBM Cognos Controller versions 11.0.0 to 11.0.1 and IBM Controller 11.1.0. This vulnerability may allow a remote attacker to glean sensitive information through the improper handling of detailed error messages returned by the system. These error messages could reveal insights that may facilitate further attacks, making it imperative for users to mitigate this risk.",IBM,"Controller,Cognos Controller",3.7,LOW,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-07T16:04:37.010Z,0
CVE-2024-45676,https://securityvulnerability.io/vulnerability/CVE-2024-45676,Insecure File Upload Vulnerability Affects IBM Cognos Controller,"IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.",IBM,Cognos Controller,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-12-03T18:15:00.000Z,0
CVE-2024-41775,https://securityvulnerability.io/vulnerability/CVE-2024-41775,IBM Cognos Controller Vulnerability: Weak Cryptographic Algorithms Expose Sensitive Data,"IBM Cognos Controller versions 11.0.0 and 11.0.1 are impacted by a vulnerability that stems from the use of cryptographic algorithms deemed weaker than necessary. This weakness may lead to the decryption of highly sensitive information, which poses a significant risk to organizations utilizing this software. Effective measures should be considered to mitigate the potential exposure, ensuring that robust encryption methodologies are employed to safeguard sensitive data.",IBM,Cognos Controller,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-12-03T18:15:00.000Z,0
CVE-2024-41776,https://securityvulnerability.io/vulnerability/CVE-2024-41776,IBM Cognos Controller vulnerable to Cross-Site Request Forgery,"IBM Cognos Controller 11.0.0 and 11.0.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",IBM,Cognos Controller,6.5,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-12-03T18:15:00.000Z,0
CVE-2024-25020,https://securityvulnerability.io/vulnerability/CVE-2024-25020,Cognos Controller Vulnerable to Malicious File Upload Attacks,"IBM Cognos Controller versions 11.0.0 and 11.0.1 are vulnerable to a significant security flaw that facilitates the upload of malicious files via the Journal entry page. This vulnerability stems from insufficient restrictions on filetype attachments, which could allow attackers to upload and execute harmful executable files within the system. Consequently, these files can be leveraged to conduct further attacks against victims, posing a considerable threat to data integrity and security.",IBM,Cognos Controller,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-12-03T18:15:00.000Z,0
CVE-2024-41777,https://securityvulnerability.io/vulnerability/CVE-2024-41777,IBM Cognos Controller Hard-Coded Credentials Vulnerability,"The vulnerability allows unauthorized access due to the presence of hard-coded credentials within IBM Cognos Controller versions 11.0.0 and 11.0.1. These credentials can be utilized for inbound authentication processes, facilitate outbound communications with external components, or be employed for the encryption of sensitive internal data. Organizations using these affected versions are advised to assess their security posture and consider remediation to safeguard their systems.",IBM,Cognos Controller,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-12-03T18:15:00.000Z,0
CVE-2024-25036,https://securityvulnerability.io/vulnerability/CVE-2024-25036,,"IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security, allowing users to circumvent restrictions imposed on input fields.",IBM,Cognos Controller,3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T17:15:00.000Z,0
CVE-2024-25019,https://securityvulnerability.io/vulnerability/CVE-2024-25019,Malicious File Upload Vulnerability in IBM Cognos Controller,"IBM Cognos Controller versions 11.0.0 and 11.0.1 contain a security vulnerability that allows attackers to upload malicious files through unsupported file formats in Journal entry attachments. This lack of proper validation can lead to the execution of harmful executable files, enabling further attacks on the system. Organizations using these versions of IBM Cognos Controller are advised to implement stringent file validation measures to mitigate the risk.",IBM,Cognos Controller,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-12-03T17:15:00.000Z,0
CVE-2024-40691,https://securityvulnerability.io/vulnerability/CVE-2024-40691,File Upload Vulnerability in IBM Cognos Controller,"IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that allows for the upload of malicious files through the web interface. This occurs due to the application’s failure to adequately validate the content of uploaded files. Exploitation of this flaw enables attackers to upload harmful executable files, potentially leading to further compromises within the affected system. Organizations utilizing these versions of Cognos Controller should take immediate action to secure their environments against this file upload weakness.",IBM,Cognos Controller,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-12-03T17:15:00.000Z,0
CVE-2024-25035,https://securityvulnerability.io/vulnerability/CVE-2024-25035,,"IBM Cognos Controller 11.0.0 and 11.0.1 expose server details that could allow an attacker to obtain information about the application environment to conduct further attacks.",IBM,Cognos Controller,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-12-03T17:15:00.000Z,0
CVE-2021-29892,https://securityvulnerability.io/vulnerability/CVE-2021-29892,IBM Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure,"IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that could enable remote attackers to acquire sensitive information. This situation arises from the failure to correctly implement HTTP Strict Transport Security (HSTS), which can be exploited through man-in-the-middle techniques. In the absence of proper security configurations, an attacker can intercept communications, leading to potential data breaches.",IBM,Cognos Controller,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-12-03T16:27:40.657Z,0
CVE-2023-40695,https://securityvulnerability.io/vulnerability/CVE-2023-40695,IBM Cognos Controller Session Invalidation Vulnerability,"A session management vulnerability exists in IBM Cognos Controller that compromises user session integrity. Specifically, the product fails to properly invalidate user sessions after logout, allowing an authenticated user to potentially impersonate another user still active in the system. This oversight poses a significant risk as it could lead to unauthorized access to sensitive information, manipulation of data, and compromised user identities. Organizations utilizing vulnerable versions should prioritize implementing fixes to enhance their security posture.",IBM,Cognos Controller,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-03T19:15:00.000Z,0
CVE-2021-20451,https://securityvulnerability.io/vulnerability/CVE-2021-20451,Cognos Controller Vulnerable to SQL Injection,"IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 have a vulnerability that allows for SQL injection. This flaw enables remote attackers to execute specially crafted SQL statements, which could lead to viewing, adding, modifying, or deleting sensitive data within the back-end database. Organizations utilizing affected versions are encouraged to implement necessary security measures to safeguard their data integrity and prevent potential exploitation.",IBM,Cognos Controller,7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-03T18:16:24.867Z,0
CVE-2023-40696,https://securityvulnerability.io/vulnerability/CVE-2023-40696,Weaker Cryptographic Algorithms in IBM Cognos Controller Could Lead to Information Decryption,"IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 expose sensitive information due to the implementation of cryptographic algorithms that do not meet expected security standards. This vulnerability can be exploited to decrypt sensitive data, posing a significant risk to the confidentiality and integrity of user information. Organizations using affected versions should prioritize updates and evaluate their security posture to mitigate potential risks associated with this issue.",IBM,Cognos Controller,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-05-03T18:15:00.000Z,0
CVE-2023-23474,https://securityvulnerability.io/vulnerability/CVE-2023-23474,Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure,"A vulnerability exists in IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 that could allow a remote attacker to gain unauthorized access to sensitive information. This occurs when the application returns a stack trace in the browser, potentially exposing critical data and vulnerabilities that could be exploited. Users and administrators of IBM Cognos Controller should be aware of this issue and take appropriate measures to secure their deployments.",IBM,Cognos Controller,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T18:15:00.000Z,0
CVE-2023-28952,https://securityvulnerability.io/vulnerability/CVE-2023-28952,IBM Cognos Controller Vulnerable to Injection Attacks,"IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 experience a significant vulnerability stemming from inadequate sanitization of user-provided data within application logging. This flaw permits attackers to exploit injection attacks, potentially compromising the integrity and security of the application. Organizations using these versions of IBM Cognos Controller should review their logging methodologies and implement necessary safeguards against untrusted data to mitigate associated risks.",IBM,Cognos Controller,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T18:15:00.000Z,0
CVE-2022-22364,https://securityvulnerability.io/vulnerability/CVE-2022-22364,Cognos Controller Vulnerable to External Service Interaction Attack,"IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 are impacted by a vulnerability that allows a remote attacker to exploit improper validation of user input. This vulnerability facilitates external service interaction attacks, where an attacker can manipulate the application to make server-side DNS lookups or HTTP requests to arbitrary domain names. By leveraging crafted input, attackers can redirect the application server to initiate unwanted interactions with other systems, potentially leading to further security breaches. Relevant security measures should be taken to mitigate the risks associated with this vulnerability.",IBM,Cognos Controller,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T18:14:34.420Z,0
CVE-2021-20556,https://securityvulnerability.io/vulnerability/CVE-2021-20556,Cognos Controller Vulnerability Could Allow Username Enumeration,"IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 possess a security flaw that can be exploited by remote attackers to enumerate valid usernames. This occurs due to inconsistent error messages returned when users attempt to log in with non-existent usernames. Attackers can leverage these different messages to gain insights into which usernames are valid, potentially leading to unauthorized access or further attacks. Organizations utilizing these versions of IBM Cognos Controller should take precautionary measures to secure their applications against this vulnerability.",IBM,Cognos Controller,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T17:31:31.243Z,0
CVE-2021-20450,https://securityvulnerability.io/vulnerability/CVE-2021-20450,Cognos Controller Vulnerability: Unsecured Authorization Tokens and Session Cookies,"IBM Cognos Controller is susceptible to a vulnerability which affects the handling of authorization tokens and session cookies by failing to set the secure attribute. This oversight creates an avenue for potential attackers to intercept cookie values. By crafting an HTTP link and enticing users to click it, attackers can capture cookie data as it is transmitted insecurely. Consequently, if users access affected versions of Cognos Controller, the integrity of their sessions may be compromised, leading to unauthorized access to sensitive information. Secure handling of session tokens is critical to maintaining the confidentiality and security of user sessions.",IBM,Cognos Controller,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-03T16:55:57.932Z,0
CVE-2020-4874,https://securityvulnerability.io/vulnerability/CVE-2020-4874,IBM Cognos Controller Vulnerability: Weak Cryptographic Algorithms Expose Sensitive Data,"The vulnerability in IBM Cognos Controller arises from the use of weaker than expected cryptographic algorithms, which could potentially allow unauthorized access to highly sensitive information. As a result, attackers may exploit this flaw to decrypt critical data, compromising the security and confidentiality of the information handled by IBM Cognos Controller. Organizations utilizing these specific versions of Cognos Controller should assess their security posture and take necessary actions to mitigate potential risks associated with this vulnerability.",IBM,Cognos Controller,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-05-03T16:47:19.927Z,0
CVE-2023-35020,https://securityvulnerability.io/vulnerability/CVE-2023-35020,IBM Sterling Control Center directory traversal,"IBM Sterling Control Center version 6.3.0 is susceptible to a directory traversal vulnerability, which enables remote attackers to manipulate URL requests by including 'dot dot' sequences. This exploitation could lead to unauthorized access to sensitive files within the system. Attackers sending specially crafted URL requests may gain visibility into arbitrary files, highlighting a significant security risk. Proper mitigation measures should be implemented to secure the affected systems against potential attacks. For further information, visit IBM's advisory page linked below.",IBM,Sterling Control Center,5.4,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2024-01-19T01:05:47.570Z,0
CVE-2022-38391,https://securityvulnerability.io/vulnerability/CVE-2022-38391,IBM Spectrum Control information disclosure,"IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.",IBM,Spectrum Control,5.1,MEDIUM,0.001019999966956675,false,false,false,false,,false,false,2022-12-20T20:31:35.551Z,0
CVE-2022-22329,https://securityvulnerability.io/vulnerability/CVE-2022-22329,,"IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.",IBM,Control Desk,4.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2022-09-13T21:15:00.000Z,0
CVE-2022-22330,https://securityvulnerability.io/vulnerability/CVE-2022-22330,,"IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.",IBM,Control Desk,3.7,LOW,0.0009899999713525176,false,false,false,false,,false,false,2022-09-12T00:00:00.000Z,0