本ページは ibm cognos_command_center に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-2697 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | [email protected] | 7.4 | 0.34% | 2025-08-26 | 2026-06-17 |
| CVE-2025-1994 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. | [email protected] | 7.8 | 0.15% | 2025-08-26 | 2026-06-17 |
| CVE-2025-1494 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | [email protected] | 6.1 | 0.27% | 2025-08-26 | 2026-06-17 |
| CVE-2024-31899 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | [email protected] | 4.3 | 0.18% | 2024-09-26 | 2026-06-17 |
| CVE-2023-50324 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038. | [email protected] | 5.3 | 0.43% | 2024-02-29 | 2026-06-17 |
| CVE-2022-38707 | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | [email protected] | 4.0 | 0.16% | 2023-05-05 | 2026-06-17 |
| CVE-2013-4001 | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | [email protected] | 4.3 | 0.98% | 2013-12-14 | 2026-06-16 |
| CVE-2013-4000 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. | [email protected] | 6.8 | 0.57% | 2013-12-14 | 2026-06-16 |