IBM Cognos Command Center vulnerabilities

8 known vulnerabilities affecting ibm/cognos_command_center.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 6

Vulnerabilities

CVE-2025-2697 | CRITICAL | CVSS 9.3 | v10.2.4.1, v10.2.5 | 2025-08-26
CWE-601: IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted
Sources: cvelistv5, nvd
CVE-2025-1994 | HIGH | CVSS 7.8 | v10.2.4.1, v10.2.5 | 2025-08-26
CWE-242: IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function.
Sources: cvelistv5, nvd
CVE-2025-1494 | MEDIUM | CVSS 6.1 | v10.2.4.1, v10.2.5 | 2025-08-26
CWE-1021: IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Sources: cvelistv5, nvd
CVE-2024-31899 | MEDIUM | CVSS 4.3 | v10.2.4.1, v10.2.5, +1 more | 2024-09-26
CWE-256: IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
Sources: cvelistv5, nvd
CVE-2023-50324 | MEDIUM | CVSS 5.3 | v10.2.4.1, v10.2.5, +1 more | 2024-03-01
CWE-200: IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038.
Sources: cvelistv5, nvd
CVE-2022-38707 | MEDIUM | CVSS 5.5 | v10.2.4.1 | 2023-05-05
CWE-613: IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
Sources: cvelistv5, nvd
CVE-2013-4000 | MEDIUM | CVSS 6.8 | ≤ 10.1, v10.0 | 2013-12-14
CWE-352: Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.
Sources: nvd
CVE-2013-4001 | MEDIUM | CVSS 4.3 | ≤ 10.1, v10.0 | 2013-12-14
CWE-287: Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
Sources: nvd