Vulnerability CVE-2019-4412

Vulnerability CVE-2019-4412

Published: 2019-11-09 Modified: 2019-11-11

Description:

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
IBM -> Cognos controller

References:

https://exchange.xforce.ibmcloud.com/vulnerabilities/162659

https://www.ibm.com/support/pages/node/1086123

Copyright 2024, cxsecurity.com