CVE-2019-4177Improper Privilege Management in IBM Cognos Controller

CWE-269Improper Privilege Management3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 85.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Controller
Timeline
PublishedJun 17
Latest updateMay 24

Description

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/cognos_controller5 versions+4
NVDibm/cognos_controller5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-5345-wpqm-6qgf: IBM Cognos Controller 102022-05-24
CVEList
CVE-2019-4177: IBM Cognos Controller 102019-06-17
CVE-2019-4177 — Improper Privilege Management in IBM | cvebase