Insecure HTTP Methods Bypass in IBM Cognos Controller 10.x.x

Insecure HTTP Methods Bypass in IBM Cognos Controller 10.x.x

CVE-2019-4176 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.

Learn more about our Web Application Penetration Testing UK.