CVE-2020-4561

CRITICAL

IBM Cognos Analytics <11.1 - Info Disclosure

Title source: llm

Description

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

References (3)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6451705

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/183903

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210622-0004/

Scores

CVSS v3 10.0

EPSS 0.0087

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-829

Status published

Products (3)

ibm/cognos_analytics 11.0.0

ibm/cognos_analytics 11.1.0

netapp/oncommand_insight

Published Jun 01, 2021

Tracked Since Feb 18, 2026