CVE-2021-20451

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-20451
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.

6.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 Vendor Advisory
https://www.ibm.com/support/pages/node/7149876 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 Vendor Advisory
https://www.ibm.com/support/pages/node/7149876 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*
History

07 Jan 2025, 19:25

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 - Vendor Advisory
References () https://www.ibm.com/support/pages/node/7149876 - () https://www.ibm.com/support/pages/node/7149876 - Vendor Advisory
First Time Ibm
Ibm cognos Controller
CPE cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*

21 Nov 2024, 05:46

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 -
References () https://www.ibm.com/support/pages/node/7149876 - () https://www.ibm.com/support/pages/node/7149876 -
Summary
  • (es) IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente diseñadas, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. ID de IBM X-Force: 196643.

03 May 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-03 19:15

Updated : 2025-01-07 19:25

NVD link : CVE-2021-20451

Mitre link : CVE-2021-20451

CVE.ORG link : CVE-2021-20451

JSON object : View

Products Affected

ibm

  • cognos_controller
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')