Cognos Controller Vulnerable to SQL Injection
CVE-2021-20451
6MEDIUM
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.
Affected Version(s)
Cognos Controller = 10.4.1, 10.4.2, 11.0.0
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
HIGH
Integrity:
LOW
Availability:
LOW
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database