CVE-2020-4685

Опубликовано: 11 нояб. 2020

Источник: nvd

CVSS3: 8

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/186625
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6339995
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/186625
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6339995
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_controller:10.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_controller:10.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00522

Низкий

8 High

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jv3x-w786-8ggq

github

больше 3 лет назад

EPSS

Процентиль: 66%

0.00522

Низкий

8 High

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo