CVE-2021-20461

MEDIUM

IBM Cognos Analytics <11.1 - Privilege Escalation

Title source: llm

Description

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

References (3)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/196770

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210720-0007/

[Vendor Advisory] https://www.ibm.com/support/pages/node/6466729

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 41.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-668

Status published

Affected Products (9)

ibm/cognos_analytics < 11.0.13

ibm/cognos_analytics

netapp/oncommand_insight

Timeline

Published Jun 30, 2021

Tracked Since Feb 18, 2026