CVE-2020-4879: Critical severity ibm cognos controller vulnerability

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2020-4879.

Q: What is the severity of CVE-2020-4879?

The severity of CVE-2020-4879 is critical (9.8).

Q: Which versions of IBM Cognos Controller are affected by this vulnerability?

IBM Cognos Controller versions 10.4.0, 10.4.1, and 10.4.2 are affected by this vulnerability.

Q: How can a remote attacker exploit this vulnerability?

A remote attacker can exploit this vulnerability by bypassing security restrictions through improper validation of authentication cookies.

Q: Is there a fix available for this vulnerability?

Yes, IBM has provided a fix for this vulnerability. Please refer to the vendor's advisory for more information.

Published Jan 20, 2022

Updated

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

Other sources

IBM Cognos Controller could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies.

Affected Software

7 affected components

IBM Cognos Controller 10.4.2<=IBM Cognos Controller 10.4.2

IBM Cognos Controller 10.4.1<=IBM Cognos Controller 10.4.1

IBM Cognos Controller 10.4.0<=IBM Cognos Controller 10.4.0

IBM Cognos Controller=10.4.0

IBM Cognos Controller=10.4.1

IBM Cognos Controller=10.4.2

Microsoft Windows

Event History

Jan 20, 2022

CVE Published

via IBM·12:00 AM

Jan 21, 2022

CVE Published

via MITRE·05:20 PM

Data Sourced

via MITRE·05:20 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6509856

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2020-4879.

What is the severity of CVE-2020-4879?

The severity of CVE-2020-4879 is critical (9.8).

Which versions of IBM Cognos Controller are affected by this vulnerability?