Product:

Cognos_analytics

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 84
Date Id Summary Products Score Patch Annotated
2021-06-01 CVE-2019-4724 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. Cognos_analytics, Oncommand_insight 7.5
2021-06-01 CVE-2019-4730 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. Cognos_analytics, Oncommand_insight 7.1
2021-06-01 CVE-2020-4300 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. Cognos_analytics, Oncommand_insight 8.2
2021-06-01 CVE-2020-4354 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. Cognos_analytics, Oncommand_insight 5.4
2021-10-15 CVE-2020-4951 IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. Cognos_analytics, Oncommand_insight 3.3
2021-10-15 CVE-2021-29679 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915. Cognos_analytics, Oncommand_insight 8.8
2020-08-03 CVE-2019-4366 IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. Cognos_analytics 5.3
2020-08-03 CVE-2020-4377 IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. Cognos_analytics 9.1
2020-10-12 CVE-2020-4302 IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. Cognos_analytics 7.8
2020-10-12 CVE-2020-4388 IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270. Cognos_analytics 8.2