Lucene search

IbmCVE-2021-20556

HistoryMay 03, 2024 - 6:15 p.m.

CVE-2021-20556

2024-05-0318:15:07

CWE-204

ibm

web.nvd.nist.gov

ibm

cognos controller

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

Affected configurations

Vulners

Vulnrichment

Node

ibmcognos_controllerMatch10.4.1

ibmcognos_controllerMatch10.4.2

ibmcognos_controllerMatch11.0.0

VendorProductVersionCPE
ibmcognos_controller10.4.1cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
ibmcognos_controller10.4.2cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
ibmcognos_controller11.0.0cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_controller	10.4.1	cpe:2.3:a:ibm:cognos_controller:10.4.1:::::::*
ibm	cognos_controller	10.4.2	cpe:2.3:a:ibm:cognos_controller:10.4.2:::::::*
ibm	cognos_controller	11.0.0	cpe:2.3:a:ibm:cognos_controller:11.0.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Controller",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.1, 10.4.2, 11.0.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/199181

www.ibm.com/support/pages/node/7149876

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2021-20556