Skip to main content

Cognos Command Center

6 CVEs product

Monthly

CVE-2025-2697 HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Cognos Command Center
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-1994 HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Cognos Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1494 MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cognos Command Center
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-31899 MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Command Center
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2013-4001 MEDIUM This Month

Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Cognos Command Center
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4000 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Cognos Command Center
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 7.4
HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Cognos Command Center
NVD
EPSS 0% CVSS 7.8
HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Cognos Command Center
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cognos Command Center
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Command Center
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Cognos Command Center
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Cognos Command Center
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy