Easy to Guess Session Identifier Names in IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1

Easy to Guess Session Identifier Names in IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1

CVE-2019-4411 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

Learn more about our User Device Pen Test.