
Mayank Somani

#19298 of 53,639
13.7 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-12194
4.9
2018-10-29
IBM · Infosphere Master Data Management Collaborative Server · CVE-2018-1380

**Name of the Vulnerable Software and Affected Versions**
IBM InfoSphere Master Data Management Collaboration Server versions 11.4 through 11.6

**Description**
The issue allows an authenticated user with CA level access to change their `ca-id` to another user's, potentially enabling them to read sensitive information.

**Recommendations**
For versions 11.4 through 11.6, restrict access to CA level functions to minimize the risk of exploitation.

PT-2017-9899
8.8
2017-03-27
IBM · IBM Cognos Business Intelligence · CVE-2016-8960

**Name of the Vulnerable Software and Affected Versions**
IBM Cognos Business Intelligence version 10.2

**Description**
The issue allows a user with lower privilege capabilities to adopt the capabilities of a higher-privilege user. This is achieved by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests.

**Recommendations**
For IBM Cognos Business Intelligence version 10.2, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and strengthen cookie handling and session management practices to prevent unauthorized reuse of cookie values.