Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Cognos Analytics
Total 75 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-4730 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 5.5 MEDIUM 7.1 HIGH
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
CVE-2019-4724 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
CVE-2019-4723 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
CVE-2020-4354 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.
CVE-2019-4722 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
CVE-2019-4653 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-12-01 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
CVE-2021-29679 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-11-16 6.5 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.
CVE-2020-4951 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2021-11-16 2.1 LOW 3.3 LOW
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2019-4366 1 Ibm 1 Cognos Analytics 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
CVE-2020-4377 1 Ibm 1 Cognos Analytics 2021-07-21 6.4 MEDIUM 9.1 CRITICAL
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
CVE-2020-4302 1 Ibm 1 Cognos Analytics 2021-07-21 9.3 HIGH 7.8 HIGH
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.
CVE-2020-4388 1 Ibm 1 Cognos Analytics 2020-10-14 6.4 MEDIUM 8.2 HIGH
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.
CVE-2019-4334 1 Ibm 1 Cognos Analytics 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.
CVE-2019-4589 1 Ibm 1 Cognos Analytics 2020-08-03 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
CVE-2019-4555 1 Ibm 1 Cognos Analytics 2020-03-17 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.
CVE-2019-4623 1 Ibm 1 Cognos Analytics 2020-01-03 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.
CVE-2018-1721 1 Ibm 1 Cognos Analytics 2019-11-12 6.5 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
CVE-2019-4645 1 Ibm 1 Cognos Analytics 2019-11-12 4.3 MEDIUM 6.1 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.
CVE-2018-1842 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-10-09 3.3 LOW 3.6 LOW
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.
CVE-2016-9711 1 Ibm 1 Cognos Analytics 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.