CVE-2020-4874Use of a Broken or Risky Cryptographic Algorithm in IBM Cognos Controller

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
7.5HIGHNVD
CNA5.9
EPSS
0.1%
top 83.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Controller
Timeline
PublishedMay 3

Description

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cognos_controller10.4.1, 10.4.2, 11.0.0
NVDibm/cognos_controller10.4.1, 10.4.2, 11.0.0+2

🔴Vulnerability Details

2
CVEList
IBM Cognos Controller information disclosure2024-05-03
GHSA
GHSA-9r44-rxj7-mwq3: IBM Cognos Controller 102024-05-03
CVE-2020-4874 — IBM Cognos Controller vulnerability | cvebase