Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cognos_analytics
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 84 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-22 | CVE-2023-28530 | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. | Cognos_analytics | 5.4 | ||
| 2021-12-03 | CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 | Cognos_analytics, Oncommand_insight | 5.3 | ||
| 2022-04-22 | CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-04-22 | CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-09-01 | CVE-2021-39045 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | Cognos_analytics, Oncommand_insight | 5.5 | ||
| 2022-09-01 | CVE-2022-30614 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2023-05-12 | CVE-2021-39036 | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | Cognos_analytics | 6.1 | ||
| 2019-09-17 | CVE-2019-4183 | IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2019-09-17 | CVE-2019-4342 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | Cognos_analytics, Oncommand_insight | 5.4 |