Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cognos_analytics
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 95 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-17 | CVE-2019-4183 | IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2019-09-17 | CVE-2019-4342 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2019-12-30 | CVE-2019-4343 | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2019-12-20 | CVE-2019-4231 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2020-04-27 | CVE-2019-4729 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2021-06-01 | CVE-2019-4471 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2021-06-01 | CVE-2019-4653 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2021-06-01 | CVE-2019-4722 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2021-06-01 | CVE-2019-4723 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2021-06-01 | CVE-2019-4724 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. | Cognos_analytics, Oncommand_insight | 7.5 |