CVE-2020-4877: Incorrect Authorization in IBM Cognos Controller

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.4% (top 42.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 21
Latest update: Jan 22

Description

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: ibm/cognos_controller 10.4.0, 10.4.1, 10.4.2 (+2)
NVD: ibm/cognos_controller 10.4.0, 10.4.1, 10.4.2 (+2)

🔴 Vulnerability Details (2)

GHSA: GHSA-96xp-643q-fhqg: IBM Cognos Controller 10 (2022-01-22)
CVEList: CVE-2020-4877: IBM Cognos Controller 10 (2022-01-21)