VDB

GCVE-110-NCSC-2025-64

GCVE-110-NCSC-2025-64
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published February 21, 2025
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-377Insecure Temporary FileCWE-770Allocation of Resources Without Limits or ThrottlingCWE-130Improper Handling of Length Parameter InconsistencyCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-91XML Injection (aka Blind XPath Injection)CWE-611Improper Restriction of XML External Entity ReferenceCWE-295Improper Certificate ValidationCWE-284Improper Access ControlCWE-20Improper Input ValidationCWE-787Out-of-bounds WriteCWE-300Channel Accessible by Non-EndpointCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-502Deserialization of Untrusted DataCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-863Incorrect AuthorizationCWE-798Use of Hard-coded Credentials

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
ibmcognos_controller

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›