CVE-2020-4685

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.

Published: Nov 11, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-4685
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / cognos_controller	10.3.0	10.3.0.x
ibm / cognos_controller	10.3.1	10.3.1.x
ibm / cognos_controller	10.4.0	10.4.0.x
ibm / cognos_controller	10.4.1	10.4.1.x
ibm / cognos_controller	10.4.2	10.4.2.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/186625
https://www.ibm.com/support/pages/node/6339995

Vulnerability Database

290,020

CVE-2020-4685