January 24, 2022
Severity
High
Analysis Summary
CVE-2020-4875; CVE-2020-4876
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2020-4877
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes.
CVE-2020-4879
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies.
Impact
- Exposure of Sensitive Data
- Privilege Escalation
Affected Vendors
IBM
Affected Products
- IBM Cognos Controller 10.4.0
- IBM Cognos Controller 10.4.1
- IBM Cognos Controller 10.4.2
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.