CVE-2019-4589: Medium severity ibm cognos analytics vulnerability

Published Jul 30, 2020

Updated

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

Other sources

IBM Cognos Analytics is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user.

Affected Software

2 affected components

IBM Cognos Analytics=11.0.0

IBM Cognos Analytics=11.1.0

Event History

Jul 30, 2020

CVE Published

via IBM·12:00 AM

Data Sourced

via IBM·12:00 AM

DescriptionSeverityAffected Software

Aug 3, 2020

CVE Published

via MITRE·12:35 PM

Data Sourced

via MITRE·12:35 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6252853

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2019-4589.

What is the severity of CVE-2019-4589?

The severity of CVE-2019-4589 is medium (4.6).

What software versions are affected by CVE-2019-4589?

IBM Cognos Analytics versions 11.0 and 11.1 are affected by CVE-2019-4589.

What is the CWE ID for CVE-2019-4589?

The CWE ID for CVE-2019-4589 is 269.

How can the privlege escalation vulnerability in IBM Cognos Analytics be fixed?

There is currently no known fix for the privlege escalation vulnerability in IBM Cognos Analytics. It is recommended to follow the mitigation steps provided by IBM.