CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-4561

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile35.34th
Published2021年6月1日
Last Modified2024年11月21日

Vulnerability Description

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

Affected Platforms (CPE)

📦
Ibm

Cognos Analytics

= 11.0.0
📦
Ibm

Cognos Analytics

= 11.1.0
📦
Netapp

Oncommand Insight

All versions

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/183903
🔗 https://security.netapp.com/advisory/ntap-20210622-0004/
🔗 https://www.ibm.com/support/pages/node/6451705
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/183903
🔗 https://security.netapp.com/advisory/ntap-20210622-0004/
🔗 https://www.ibm.com/support/pages/node/6451705

相關漏洞威脅

CVE-2021-389459.8

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper conten...

CVE-2021-296798.8

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing...

CVE-2018-17218.8

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remot...

CVE-2020-45208.8

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticat...