First published: Sat Nov 09 2019
IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Controller | =10.3.0 | |
| IBM Cognos Controller | =10.3.1 | |
| IBM Cognos Controller | =10.4.0 | |
| IBM Cognos Controller | =10.4.1 | |
The vulnerability ID for this vulnerability is CVE-2019-4412.
The severity of CVE-2019-4412 is medium with a severity value of 5.3.
This vulnerability allows unauthorized parties to access sensitive information stored in URL parameters, leading to potential information disclosure.
This vulnerability affects IBM Cognos Controller versions 10.3.0, 10.3.1, 10.4.0, and 10.4.1.
To mitigate this vulnerability, ensure that unauthorized parties cannot access URLs that contain sensitive information. Also review server logs, disable referrer headers where they are not needed, and clear browser history regularly.
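One way to carry out the server-log review described above is sketched below. This is an added example, not code from IBM or from this advisory. It assumes access logs in Combined Log Format and a hypothetical set of sensitive parameter names, since the advisory does not say which parameters are affected. It checks both the request URL and the logged Referer field, and returns a redacted copy of each line.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names: the advisory does not name the affected
# parameters, so adjust this set to what your own logs contain.
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid", "apikey"}

# Combined Log Format: ... "METHOD URL PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)'
    r'(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<post>".*)$'
)

def redact_url(url):
    """Return (redacted_url, [names of sensitive parameters found])."""
    parts = urlsplit(url)
    hits, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            hits.append(name)
            value = "REDACTED"
        kept.append((name, value))
    if not hits:
        return url, []  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(kept))), hits

def scan_line(line):
    """Check request URL and Referer of one line; return (clean_line, findings)."""
    m = LINE_RE.match(line)
    if not m:
        return line, []  # not Combined Log Format; pass through unchanged
    url, url_hits = redact_url(m["url"])
    ref, ref_hits = redact_url(m["referer"])
    findings = [("request", h) for h in url_hits] + [("referer", h) for h in ref_hits]
    clean = f'{m["pre"]}{m["method"]} {url} {m["proto"]}{m["mid"]}{ref}{m["post"]}'
    return clean, findings

# Constructed sample lines (not taken from a real Cognos Controller server).
SAMPLE = [
    '10.0.0.5 - - [09/Nov/2019:10:00:00 +0000] "GET /app/report?id=7&token=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [09/Nov/2019:10:00:05 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://ctrl.example/app/login?user=alice&password=s3cret" "Mozilla/5.0"',
    '10.0.0.7 - - [09/Nov/2019:10:00:09 +0000] "GET /app/home?lang=en HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, findings = scan_line(raw)
        if findings:
            print(findings, clean)
```

Any finding means a credential or session value has already been written to disk, so the value itself should be rotated in addition to redacting the log.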