Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Cognos Controller 信息泄露漏洞
Vulnerability Description
IBM Cognos Controller是美国IBM公司的一套商业智能与计划解决方案。该产品具有流程自动化、财务审计控制、创建和管理财务报告等功能。 IBM Cognos Controller中存在安全漏洞,该漏洞源于程序没有对授权令牌或会话cookies设置安全属性。攻击者可通过实施中间人攻击利用该漏洞获取敏感信息。以下产品及版本受到影响:IBM Cognos Controller 10.4.1版本,10.4.0版本,10.3.1版本,10.3.0版本。
CVSS Information
N/A
Vulnerability Type
N/A