CVE-2019-4471

MEDIUM

IBM Cognos Analytics 11.0-11.1 - Info Disclosure

Title source: llm

Description

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.

References (3)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6451705

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/163780

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210622-0004/

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (3)

ibm/cognos_analytics 11.0.0

ibm/cognos_analytics 11.1.0

netapp/oncommand_insight

Published Jun 01, 2021

Tracked Since Feb 18, 2026