Vulnerability Database

296,746

Total vulnerabilities in the database

CVE-2023-47160

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0

is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Published: Feb 19, 2025
Updated: May 4, 2025
CVE: CVE-2023-47160
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
ibm / cognos_controller	11.0.0	11.0.1.4
ibm / controller	11.1.0	11.1.0.x

https://www.ibm.com/support/pages/node/7183597

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo