Cognos Controller Vulnerability Could Allow Username Enumeration
CVE-2021-20556
5.3MEDIUM
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.
Affected Version(s)
Cognos Controller = 10.4.1, 10.4.2, 11.0.0
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
LOW
Integrity:
NONE
Availability:
NONE
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database