Every CVE whose affected-product data names Ibm Cognos Controller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (52)
CVE-2020-4879 — CVSS 9.8 (critical): IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper…
CVE-2020-4877 — CVSS 9.8 (critical): IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public…
CVE-2024-52902 — CVSS 8.8 (high): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in…
CVE-2024-28777 — CVSS 8.8 (high): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability…
CVE-2023-47160 — CVSS 8.2 (high): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack…
CVE-2024-40702 — CVSS 8.2 (high): IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain…
CVE-2020-4875 — CVSS 8.2 (high): IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2020-4876 — CVSS 8.2 (high): IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2024-40691 — CVSS 8.0 (high): IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to…
CVE-2024-45084 — CVSS 8.0 (high): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula…
CVE-2024-41777 — CVSS 7.5 (high): IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own…
CVE-2019-4175 — CVSS 7.5 (high): IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2020-4685 — CVSS 7.2 (high): A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the…
CVE-2025-36015 — CVSS 6.5 (medium): IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a…
CVE-2024-41776 — CVSS 6.5 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2025-33079 — CVSS 6.5 (medium): IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be…
CVE-2019-4173 — CVSS 6.5 (medium): IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a…
CVE-2024-28778 — CVSS 6.5 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability…
CVE-2024-45081 — CVSS 6.5 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content…
CVE-2023-38724 — CVSS 6.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL…
CVE-2023-40695 — CVSS 6.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to…
CVE-2021-20451 — CVSS 6.0 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL…
CVE-2024-28780 — CVSS 5.9 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms…
CVE-2024-41775 — CVSS 5.9 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2020-4874 — CVSS 5.9 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2021-29892 — CVSS 5.9 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2023-40696 — CVSS 5.9 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2024-25019 — CVSS 5.5 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal…
CVE-2024-25020 — CVSS 5.5 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal…
CVE-2024-28776 — CVSS 5.4 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2019-4136 — CVSS 5.4 (medium): IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to…
CVE-2021-20556 — CVSS 5.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on…
CVE-2023-28952 — CVSS 5.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided…
CVE-2024-25035 — CVSS 5.3 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application…
CVE-2022-22364 — CVSS 5.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of…
CVE-2019-4176 — CVSS 5.3 (medium): IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by…
CVE-2019-4412 — CVSS 5.3 (medium): IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have…
CVE-2022-39163 — CVSS 4.7 (medium): IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a…
CVE-2024-45676 — CVSS 4.3 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type…
CVE-2019-4411 — CVSS 4.3 (medium): IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to…
CVE-2021-20450 — CVSS 4.3 (medium): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers…
CVE-2022-22363 — CVSS 4.3 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a…
CVE-2024-25036 — CVSS 4.3 (medium): IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent…
CVE-2024-25037 — CVSS 4.3 (medium): IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a…
CVE-2025-33111 — CVSS 4.3 (medium): IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files…
CVE-2025-36326 — CVSS 3.7 (low): IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive…
CVE-2021-20455 — CVSS 3.7 (low): IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a…
CVE-2019-4171 — CVSS 3.7 (low): IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This…
CVE-2023-23474 — CVSS 3.7 (low): IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is…
CVE-2019-4177 — CVSS 3.3 (low): IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on…
CVE-2019-4174 — CVSS 3.3 (low): IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on…
CVE-2025-36102 — CVSS 2.7 (low): IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass…