CVE-2021-20455

Name of the Vulnerable Software and Affected Versions IBM Cognos Controller versions 11.0.0 through 11.0.1 IBM Controller version 11.1.0

Description The issue allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. The vulnerability is related to shortcomings in the error reporting mechanism, which could enable an attacker to gain unauthorized access to protected information.

Recommendations For IBM Cognos Controller versions 11.0.0 through 11.0.1, consider disabling detailed technical error messages in the browser to minimize the risk of exploitation. For IBM Controller version 11.1.0, restrict access to error messages to prevent unauthorized information disclosure. As a temporary workaround, consider implementing additional logging and monitoring to detect potential exploitation attempts until a patch is available.