First published: Wed Nov 11 2020
A low-level user of Cognos Controller who has Administration rights to the server where the application is installed can escalate their privilege from low level to Super Admin and gain access to create, update, or delete any level of user in Cognos Controller.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Controller | =10.3.0 | |
IBM Cognos Controller | =10.3.1 | |
IBM Cognos Controller | =10.4.0 | |
IBM Cognos Controller | =10.4.1 | |
IBM Cognos Controller | =10.4.2 | |
The vulnerability ID of this security issue is CVE-2020-4685.
CVE-2020-4685 has a severity level of high.
IBM Cognos Controller versions 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 are affected by CVE-2020-4685.
If CVE-2020-4685 is exploited, a low-level user with Administration rights to the server can escalate their privilege and gain Super Admin access, allowing them to create, update, and delete any level of user in Cognos Controller.
You can find more information about CVE-2020-4685 on the IBM X-Force Exchange website and the IBM Support website.