CVE-2019-4171

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

Published: Sep 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-4171
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-311

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ibm / cognos_controller	10.3.0	10.3.0.x
ibm / cognos_controller	10.3.1	10.3.1.x
ibm / cognos_controller	10.4.0	10.4.0.x
ibm / cognos_controller	10.4.1	10.4.1.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/158876
https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller

Vulnerability Database

290,020

CVE-2019-4171