Latest IBM Cognos Command Center Vulnerabilities

IBM Cognos Command Center<=10.2.5
IBM Cognos Command Center<=10.2.4.1
IBM Cognos Command Center information disclosure
IBM Cognos Command Center<=10.2.5
IBM Cognos Command Center<=10.2.4.1
IBM Cognos Command Center<=10.2.4.1
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
IBM Cognos Command Center<=10.2.4.1
IBM Cognos Command Center=10.2.4.1
IBM Cognos Command Center<=10.2.4.1
An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown att...
IBM Cognos Command Center<=10.2.4.1
Oracle GraalVM=20.3.7
Oracle GraalVM=21.3.3
Oracle GraalVM=22.2.0
Oracle JDK=1.8.0-update341
Oracle JDK=1.8.0-update345
and 28 more
Impact: Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call `.checkboxradio( "refresh" )` on such a w...
nuget/jQuery.UI.Combined<1.13.2
rubygems/jquery-ui-rails<7.0.0
maven/org.webjars.npm:jquery-ui<1.13.2
npm/jquery-ui<1.13.2
ubuntu/jqueryui<1.12.1+dfsg-5ubuntu0.18.04.1~
ubuntu/jqueryui<1.13.2
and 44 more
Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this...
Eclipse Jetty<9.4.46
Eclipse Jetty>=10.0.0<10.0.9
Eclipse Jetty>=11.0.0<=11.0.9
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Element Plug-in For Vcenter Server
and 6 more
Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in which SslConnection does not release ByteBuffers from the configured ByteBufferPool on error code paths. By sending a specially-...
Eclipse Jetty>=10.0.0<=10.0.9
Eclipse Jetty>=11.0.0<=11.0.9
IBM Cognos Command Center<=10.2.4.1
Description: Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the...
redhat/jenkins<0:2.401.1.1686831596-3.el8
redhat/jenkins<0:2.361.1.1672840472-1.el8
redhat/jenkins<0:2.361.1.1675668150-1.el8
maven/org.eclipse.jetty.http2:http2-server>=11.0.0<11.0.10
maven/org.eclipse.jetty.http2:http2-server>=10.0.0<10.0.10
maven/org.eclipse.jetty.http2:http2-server<9.4.47
and 14 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact...
redhat/java<17-openjdk-1:17.0.3.0.6-2.el8_5
redhat/java<17-openjdk-1:17.0.3.0.7-1.el9_0
debian/openjdk-17
IBM Cognos Command Center<=10.2.4.1
Oracle GraalVM=21.3.1
Oracle GraalVM=22.0.0.2
and 20 more
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a flaw in which a session ID is not invalidated when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker coul...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 12 more
Impact: When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU re...
maven/org.eclipse.jetty:jetty-server>=11.0.0<11.0.2
maven/org.eclipse.jetty:jetty-server>=10.0.0<10.0.2
maven/org.eclipse.jetty:jetty-server>=7.2.2<9.4.39
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
and 29 more
Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability ...
Eclipse Jetty=9.2.0-20140523
Eclipse Jetty=9.2.0-20140526
Eclipse Jetty=9.2.0-maintenance_0
Eclipse Jetty=9.2.0-maintenance_1
Eclipse Jetty=9.2.0-rc0
Eclipse Jetty=9.2.1-20140609
and 138 more
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulner...
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.2.28
redhat/jetty<9.3.27
redhat/jetty<9.4.16
Eclipse Jetty=7.0.0-20091005
and 334 more
In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames containing many settings, or many sma...
Eclipse Jetty=9.3.0-20150601
Eclipse Jetty=9.3.0-20150608
Eclipse Jetty=9.3.0-20150612
Eclipse Jetty=9.3.0-maintenance0
Eclipse Jetty=9.3.0-maintenance1
Eclipse Jetty=9.3.0-maintenance2
and 80 more
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled...
IBM Cognos Command Center<=10.2.4.1
Eclipse Jetty>=9.0.0<=9.2.26
Eclipse Jetty>=9.3.0<9.3.24
Eclipse Jetty>=9.4.0<9.4.11
Oracle Retail Xstore Point of Service=7.1
Oracle Retail Xstore Point of Service=15.0
and 2 more
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
Eclipse Jetty>=9.3.0<9.3.24
and 25 more
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line ...
debian/jetty9
Eclipse Jetty<=9.2.26
Eclipse Jetty>=9.3.0<9.3.24
Eclipse Jetty>=9.4.0<9.4.11
Debian Debian Linux=9.0
IBM Cognos Command Center<=10.2.4.1
Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulne...
debian/jetty9
IBM Cognos Command Center<=10.2.4.1
redhat/jetty<9.2.25.
redhat/jetty<9.3.24.
redhat/jetty<9.4.11.
Eclipse Jetty<=9.2.26
and 28 more

© 2024 SecAlerts Pty Ltd.