IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
2025-03-26T14:15:20.793
2025-07-03T20:52:01.790
Analyzed
CVSSv3.1: 4.7 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | cognos_controller | ≤ 11.0.1 | Yes |
| Application | ibm | controller | 11.1.0 | Yes |
| Operating System | microsoft | windows | - | No |