IBM Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2021-29892

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
3 December 2024

Summary

IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that could enable remote attackers to acquire sensitive information. This situation arises from the failure to correctly implement HTTP Strict Transport Security (HSTS), which can be exploited through man-in-the-middle techniques. In the absence of proper security configurations, an attacker can intercept communications, leading to potential data breaches.

Affected Version(s)

Cognos Controller 11.0.0, 11.0.1

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.