Cognos Command Center

cognos_command_center

Vendor: Ibm • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-2697 1Ibm 1Cognos Command Center Sep 2, 2025 Aug 26, 2025 N/A· v4 9.3 CRITICAL· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker co...Show more IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.Show less
CVE-2025-1994 1Ibm 1Cognos Command Center Sep 2, 2025 Aug 26, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.
CVE-2025-1494 1Ibm 1Cognos Command Center Sep 2, 2025 Aug 26, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerab...Show more IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.Show less
CVE-2024-31899 1Ibm 1Cognos Command Center Jan 7, 2025 Sep 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
CVE-2023-50324 1Ibm 1Cognos Command Center Apr 23, 2025 Mar 1, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Forc...Show more IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038.Show less
CVE-2022-38707 1Ibm 1Cognos Command Center Nov 21, 2024 May 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
CVE-2013-4001 1Ibm 1Cognos Command Center Apr 29, 2026 Dec 14, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
CVE-2013-4000 1Ibm 1Cognos Command Center Apr 29, 2026 Dec 14, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.