CVE-2019-4589
First published: Thu Jul 30 2020(Updated: )
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | =11.0.0 | |
| IBM Cognos Analytics | =11.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-4589.
What is the severity of CVE-2019-4589?
The severity of CVE-2019-4589 is medium (4.6).
What software versions are affected by CVE-2019-4589?
IBM Cognos Analytics versions 11.0 and 11.1 are affected by CVE-2019-4589.
What is the CWE ID for CVE-2019-4589?
The CWE ID for CVE-2019-4589 is 269.
How can the privlege escalation vulnerability in IBM Cognos Analytics be fixed?
There is currently no known fix for the privlege escalation vulnerability in IBM Cognos Analytics. It is recommended to follow the mitigation steps provided by IBM.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/ibm-support
- source/IBM
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/11.0.0
- version/ibm cognos analytics/11.1.0