Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cognos_analytics
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 84 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-01 | CVE-2019-4724 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2021-06-01 | CVE-2019-4730 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | Cognos_analytics, Oncommand_insight | 7.1 | ||
| 2021-06-01 | CVE-2020-4300 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. | Cognos_analytics, Oncommand_insight | 8.2 | ||
| 2021-06-01 | CVE-2020-4354 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2021-10-15 | CVE-2020-4951 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | Cognos_analytics, Oncommand_insight | 3.3 | ||
| 2021-10-15 | CVE-2021-29679 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915. | Cognos_analytics, Oncommand_insight | 8.8 | ||
| 2020-08-03 | CVE-2019-4366 | IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. | Cognos_analytics | 5.3 | ||
| 2020-08-03 | CVE-2020-4377 | IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. | Cognos_analytics | 9.1 | ||
| 2020-10-12 | CVE-2020-4302 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. | Cognos_analytics | 7.8 | ||
| 2020-10-12 | CVE-2020-4388 | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270. | Cognos_analytics | 8.2 |