📦 Cognos Controller
by IBM
⚠️ Known Vulnerabilities
This vulnerability in IBM Cognos Controller allows attackers to modify application behavior by exploiting public fields in public classes, potentially leading to unauthorized changes. It affects IBM C...
IBM Cognos Controller and IBM Controller are vulnerable to XML External Entity Injection (XXE) attacks when processing XML data. This allows remote attackers to read sensitive files from the server or...
IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that allows authenticated users to execute arbitrary code, escalate privileges, or cause denial of servic...
This vulnerability in IBM Cognos Controller allows authenticated attackers to perform formula injection attacks by manipulating file contents. Successful exploitation could lead to arbitrary command e...
IBM Cognos Controller and IBM Controller client applications contain hard-coded database passwords in their source code, allowing attackers to gain unauthorized access to database systems. This affect...
This vulnerability in IBM Cognos Controller and IBM Controller allows unauthorized users to obtain valid authentication tokens due to improper certificate validation. Attackers can use these tokens to...
IBM Cognos Controller versions 11.0.0 and 11.0.1 contain hard-coded credentials that could be used for authentication, communication, or data encryption. This vulnerability allows attackers who discov...
This vulnerability in IBM Cognos Controller allows attackers to upload malicious executable files through the web interface due to insufficient file validation. Attackers could upload malware that cou...
IBM Cognos Controller versions 10.4.0 through 10.4.2 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive files from the server or cause denial of service ...
This vulnerability in IBM Controller and Cognos Controller allows authenticated attackers to potentially access sensitive information through race condition attacks on temporary file creation. It affe...
This vulnerability in IBM Controller and Cognos Controller allows authenticated users to cause denial of service by sending specially crafted input that triggers improper quantity size validation. Aff...
IBM Cognos Controller and IBM Controller Rich Client use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using IBM Cognos Controll...
This cross-site scripting (XSS) vulnerability in IBM Cognos Controller allows attackers to inject malicious JavaScript into the web interface. When exploited, it can steal user credentials or perform ...
This vulnerability exposes Artifactory API keys in IBM Cognos Controller and IBM Controller, allowing authenticated users to publish code to private packages or repositories under the organization's n...
CVE-2022-22363 is an information disclosure vulnerability in IBM Cognos Controller and IBM Controller that exposes detailed technical error messages to remote attackers. This sensitive information cou...
IBM Cognos Controller versions 11.0.0 and 11.0.1 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorized actions. This...
This vulnerability in IBM Cognos Controller allows authenticated users to upload insecure files due to insufficient file type validation. Attackers could potentially upload malicious files that might ...
IBM Cognos Controller versions 11.0.0 and 11.0.1 allow unrestricted file uploads in the Journal entry page, enabling attackers to upload malicious executable files. This vulnerability affects organiza...
IBM Cognos Controller versions 11.0.0 and 11.0.1 expose server details through an information disclosure vulnerability. This allows attackers to gather sensitive information about the application envi...
CVE-2021-29892 is an information disclosure vulnerability in IBM Cognos Controller where HTTP Strict Transport Security (HSTS) is not properly enabled, allowing man-in-the-middle attackers to intercep...
This SQL injection vulnerability in IBM Cognos Controller allows remote attackers to execute arbitrary SQL commands against the back-end database. Attackers could potentially view, modify, add, or del...
IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 fail to properly invalidate user sessions after logout, allowing an authenticated attacker to reuse old session tokens to impersonate other us...
IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using these specific...
IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 are vulnerable to injection attacks in application logging due to improper sanitization of user-provided data. This allows attackers to inject...
This vulnerability in IBM Cognos Controller allows remote attackers to enumerate valid usernames by analyzing differences in error messages. Attackers can determine which usernames exist in the system...
IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using these specific...
This vulnerability allows privileged users in IBM Controller/Cognos Controller to bypass server-side security validation by manipulating client-side inputs. It affects IBM Controller versions 11.1.0-1...