Product
ibm cognos controller
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-36102
>= 11.0.0 and < 11.0.1.7
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass v
2.7
LOW
CVE-2025-36015
>= 11.0.0 and < 11.0.1.7
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to caus
6.5
MEDIUM
CVE-2025-33111
>= 11.0.0 and < 11.0.1.7
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary fi
4.3
MEDIUM
CVE-2025-36326
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive
3.7
LOW
CVE-2025-33079
all versions
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may b
6.5
MEDIUM
CVE-2022-39163
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a d
4.7
MEDIUM
CVE-2023-47160
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection
8.2
HIGH
CVE-2024-45084
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formu
8.0
HIGH
CVE-2024-45081
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restrict
6.5
MEDIUM
CVE-2024-28780
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptograph
5.9
MEDIUM
CVE-2024-28777
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This
8.8
HIGH
CVE-2024-28776
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerabil
5.4
MEDIUM
CVE-2024-52902
>= 11.0.0 and < 11.0.1.4
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database password
8.8
HIGH
CVE-2024-40702
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to g
8.2
HIGH
CVE-2024-28778
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vuln
6.5
MEDIUM
CVE-2024-25037
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
4.3
MEDIUM
CVE-2022-22363
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
4.3
MEDIUM
CVE-2021-20455
>= 11.0.0 and <= 11.0.1
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
3.7
LOW
CVE-2024-45676
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient fi
4.3
MEDIUM
CVE-2024-41777
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which
7.5
HIGH
CVE-2024-41776
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to e
6.5
MEDIUM
CVE-2024-41775
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decryp
5.9
MEDIUM
CVE-2024-25020
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype att
5.5
MEDIUM
CVE-2024-40691
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file u
8.0
HIGH
CVE-2024-25036
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing user
4.3
MEDIUM
CVE-2024-25035
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the appli
5.3
MEDIUM
CVE-2024-25019
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded
5.5
MEDIUM
CVE-2021-29892
all versions
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to pr
5.9
MEDIUM
CVE-2023-40695
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user
6.3
MEDIUM
CVE-2022-22364
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validati
5.3
MEDIUM
CVE-2021-20451
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQ
6.0
MEDIUM
CVE-2023-40696
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker t
5.9
MEDIUM
CVE-2023-38724
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQ
6.3
MEDIUM
CVE-2023-28952
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user
5.3
MEDIUM
CVE-2023-23474
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace
3.7
LOW
CVE-2021-20556
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error mes
5.3
MEDIUM
CVE-2021-20450
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Att
4.3
MEDIUM
CVE-2020-4874
all versions
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker t
5.9
MEDIUM
CVE-2020-4879
all versions
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper
9.8
CRITICAL
CVE-2020-4877
all versions
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in publi
9.8
CRITICAL
CVE-2020-4876
all versions
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XM
8.2
HIGH
CVE-2020-4875
all versions
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XM
8.2
HIGH
CVE-2020-4685
all versions
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server w
7.2
HIGH
CVE-2019-4412
all versions
IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized part
5.3
MEDIUM
CVE-2019-4411
all versions
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to
4.3
MEDIUM
CVE-2019-4175
all versions
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an at
7.5
HIGH
CVE-2019-4171
all versions
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cook
3.7
LOW
CVE-2019-4177
all versions
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by anothe
3.3
LOW
CVE-2019-4176
all versions
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, ca
5.3
MEDIUM
CVE-2019-4174
all versions
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by anothe
3.3
LOW
CVE-2019-4173
all versions
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, ca
6.5
MEDIUM
CVE-2019-4136
all versions
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows
5.4
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin