Product:

Cognos_analytics

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 84
Date Id Summary Products Score Patch Annotated
2022-06-24 CVE-2021-29768 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. Cognos_analytics, Oncommand_insight 6.5
2022-09-01 CVE-2021-39045 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. Cognos_analytics, Oncommand_insight 5.5
2022-09-01 CVE-2022-30614 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. Cognos_analytics, Oncommand_insight 7.5
2023-05-12 CVE-2021-39036 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. Cognos_analytics 6.1
2019-09-17 CVE-2019-4183 IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. Cognos_analytics, Oncommand_insight 7.5
2019-09-17 CVE-2019-4342 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. Cognos_analytics, Oncommand_insight 5.4
2019-12-30 CVE-2019-4343 IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. Cognos_analytics, Oncommand_insight 6.5
2019-12-20 CVE-2019-4231 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. Cognos_analytics, Oncommand_insight 4.3
2022-11-03 CVE-2022-34339 "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." Cognos_analytics 6.5
2022-09-01 CVE-2020-4301 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. Cognos_analytics, Oncommand_insight 6.5