CVE-2020-4685
CVE-2020-4685 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A low-level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Cognos Controller | 10.3.0 |
| IBM | Cognos Controller | 10.3.1 |
| IBM | Cognos Controller | 10.4.0 |
| IBM | Cognos Controller | 10.4.1 |
| IBM | Cognos Controller | 10.4.2 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/186625 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6339995 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
