CVE-2019-4171

Summary

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Controller10.3.1affected
IBMCognos Controller10.3.0affected
IBMCognos Controller10.4.0affected
IBMCognos Controller10.4.1affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References