CVE-2020-4879Improper Authentication in IBM Cognos Controller

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Controller
Timeline
PublishedJan 21
Latest updateJan 22

Description

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cognos_controller10.4.0, 10.4.1, 10.4.2+2
NVDibm/cognos_controller10.4.0, 10.4.1, 10.4.2+2

🔴Vulnerability Details

2
GHSA
GHSA-mgwf-4gww-g338: IBM Cognos Controller 102022-01-22
CVEList
CVE-2020-4879: IBM Cognos Controller 102022-01-21
CVE-2020-4879 — Improper Authentication in IBM | cvebase