This page lists publicly disclosed CVE vulnerabilities affecting ibm cognos_command_center (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-2697 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | [email protected] | 7.4 | 0.06% | 2025-08-26 | 2025-09-02 |
| CVE-2025-1994 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. | [email protected] | 7.8 | 0.01% | 2025-08-26 | 2025-09-02 |
| CVE-2025-1494 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | [email protected] | 6.1 | 0.02% | 2025-08-26 | 2025-09-02 |
| CVE-2024-31899 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | [email protected] | 4.3 | 0.05% | 2024-09-26 | 2025-01-07 |
| CVE-2023-50324 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038. | [email protected] | 5.3 | 0.06% | 2024-03-01 | 2025-04-23 |
| CVE-2022-38707 | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | [email protected] | 4.0 | 0.04% | 2023-05-05 | 2024-11-21 |
| CVE-2013-4001 | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | [email protected] | 4.3 | 0.17% | 2013-12-14 | 2026-04-29 |
| CVE-2013-4000 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. | [email protected] | 6.8 | 0.09% | 2013-12-14 | 2026-04-29 |