Cognos Command Center Exposes Sensitive User Information
CVE-2024-31899

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Command Center
Vendor: CVE Published:; 26 September 2024

Summary

A security issue exists in IBM Cognos Command Center that allows an authenticated user with physical access to a compromised device to gain access to highly sensitive user information. This vulnerability raises serious concerns about data protection, particularly in environments where sensitive data is processed. Organizations using the affected versions should be aware of the potential risks and implement appropriate security measures.

Affected Version(s)

Cognos Command Center 10.2.4.1, 10.2.5

References

https://www.ibm.com/support/pages/node/7149734

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Apr 7, 2024