📦 Controller

by IBM

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-47160

HIGH CVSS 8.2 Feb 19, 2025

IBM Cognos Controller and IBM Controller are vulnerable to XML External Entity Injection (XXE) attacks when processing XML data. This allows remote attackers to read sensitive files from the server or...

CVE-2024-28777

HIGH CVSS 8.8 Feb 19, 2025

IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that allows authenticated users to execute arbitrary code, escalate privileges, or cause denial of servic...

CVE-2024-45084

HIGH CVSS 8.0 Feb 19, 2025

This vulnerability in IBM Cognos Controller allows authenticated attackers to perform formula injection attacks by manipulating file contents. Successful exploitation could lead to arbitrary command e...

CVE-2024-52902

HIGH CVSS 8.8 Feb 19, 2025

IBM Cognos Controller and IBM Controller client applications contain hard-coded database passwords in their source code, allowing attackers to gain unauthorized access to database systems. This affect...

CVE-2024-40702

HIGH CVSS 8.2 Jan 7, 2025

This vulnerability in IBM Cognos Controller and IBM Controller allows unauthorized users to obtain valid authentication tokens due to improper certificate validation. Attackers can use these tokens to...

CVE-2025-33111

MEDIUM CVSS 4.3 Dec 8, 2025

This vulnerability in IBM Controller and Cognos Controller allows authenticated attackers to potentially access sensitive information through race condition attacks on temporary file creation. It affe...

CVE-2025-36015

MEDIUM CVSS 6.5 Dec 8, 2025

This vulnerability in IBM Controller and Cognos Controller allows authenticated users to cause denial of service by sending specially crafted input that triggers improper quantity size validation. Aff...

CVE-2025-36017

MEDIUM CVSS 6.5 Dec 8, 2025

IBM Controller and Cognos Controller store sensitive information unencrypted in environment variable files, allowing authenticated users to access credentials or other confidential data. T...

CVE-2024-28780

MEDIUM CVSS 5.9 Feb 19, 2025

IBM Cognos Controller and IBM Controller Rich Client use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using IBM Cognos Controll...

CVE-2024-28776

MEDIUM CVSS 5.4 Feb 19, 2025

This cross-site scripting (XSS) vulnerability in IBM Cognos Controller allows attackers to inject malicious JavaScript into the web interface. When exploited, it can steal user credentials or perform ...

CVE-2024-28778

MEDIUM CVSS 6.5 Jan 7, 2025

This vulnerability exposes Artifactory API keys in IBM Cognos Controller and IBM Controller, allowing authenticated users to publish code to private packages or repositories under the organization's n...

CVE-2022-22363

MEDIUM CVSS 4.3 Jan 7, 2025

CVE-2022-22363 is an information disclosure vulnerability in IBM Cognos Controller and IBM Controller that exposes detailed technical error messages to remote attackers. This sensitive information cou...

CVE-2025-36102

LOW CVSS 2.7 Dec 8, 2025

This vulnerability allows privileged users in IBM Controller/Cognos Controller to bypass server-side security validation by manipulating client-side inputs. It affects IBM Controller versions 11.1.0-1...