Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cognos_analytics
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 92 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-22 | CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-04-22 | CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2022-04-22 | CVE-2021-38946 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-06-24 | CVE-2021-38945 | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | Cognos_analytics, Oncommand_insight | 9.8 | ||
| 2022-06-24 | CVE-2021-39047 | IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. | Cognos_analytics, Planning_analytics, Oncommand_insight | 6.1 | ||
| 2022-09-01 | CVE-2020-4301 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-09-01 | CVE-2021-20468 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-09-01 | CVE-2021-29823 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2022-09-01 | CVE-2021-39009 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. | Cognos_analytics, Oncommand_insight | 5.5 |