High Severity

Security Bulletin: IBM Cognos Controller 2019Q4 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller


This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller 10.4.1 IF2, 10.4.0 IF5, 10.3.1 IF12 and 10.3.0 FP1 IF13.

A vulnerability exists in IBM Cognos Controller that could allow an authenticated user to obtain sensitive information because session identifier names are easy to guess.

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

IBM Cognos Controller consumes FasterXML Jackson. A vulnerability exists in FasterXML jackson-databind that could be exploited by an attacker.

Affected product(s) and affected version(s):

IBM Cognos Controller 10.4.1
IBM Cognos Controller 10.4.0
IBM Cognos Controller 10.3.1
IBM Cognos Controller 10.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1086123
