
ibm controller

35 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-36102
>= 11.1.0 and < 11.1.2
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass v
2.7 LOW
CVE-2025-36017
>= 11.1.0 and < 11.1.2
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information
6.5 MEDIUM
CVE-2025-36015
>= 11.1.0 and < 11.1.2
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to caus
6.5 MEDIUM
CVE-2025-33111
>= 11.1.0 and < 11.1.2
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary fi
4.3 MEDIUM
CVE-2025-36326
>= 11.1.0 and <= 11.1.1
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive
3.7 LOW
CVE-2025-33079
all versions
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may b
6.5 MEDIUM
CVE-2022-39163
all versions
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a d
4.7 MEDIUM
CVE-2024-41778
all versions
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes i
5.3 MEDIUM
CVE-2023-47160
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection
8.2 HIGH
CVE-2024-45084
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formu
8.0 HIGH
CVE-2024-45081
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restrict
6.5 MEDIUM
CVE-2024-28780
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptograph
5.9 MEDIUM
CVE-2024-28777
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This
8.8 HIGH
CVE-2024-28776
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerabil
5.4 MEDIUM
CVE-2024-52902
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database password
8.8 HIGH
CVE-2024-50603
< 7.1.4191
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of sp
10.0 CRITICAL
CVE-2024-40702
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to g
8.2 HIGH
CVE-2024-28778
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vuln
6.5 MEDIUM
CVE-2024-25037
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
4.3 MEDIUM
CVE-2022-22363
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
4.3 MEDIUM
CVE-2021-20455
all versions
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive informatio
3.7 LOW
CVE-2021-40870
>= 6.2 and < 6.2.2043
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is po
9.8 CRITICAL
CVE-2020-27568
all versions
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the co
7.5 HIGH
CVE-2020-26553
all versions
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be u
9.8 CRITICAL
CVE-2020-26552
all versions
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not r
7.5 HIGH
CVE-2020-26551
all versions
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
7.5 HIGH
CVE-2020-26550
all versions
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is
7.5 HIGH
CVE-2020-26549
all versions
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to director
7.5 HIGH
CVE-2020-26548
all versions
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute al
8.8 HIGH
CVE-2020-13417
< 5.3
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-722
9.8 CRITICAL
CVE-2020-13416
< 5.4.1066
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required
6.5 MEDIUM
CVE-2020-13415
<= 5.1
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider
7.5 HIGH
CVE-2020-13414
< 5.4.1204
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
7.5 HIGH
CVE-2020-13413
< 5.4.1204
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which mak
5.3 MEDIUM
CVE-2020-13412
< 5.4.1204
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to c
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin