IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2021-95138)

IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability that could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to change the intended functionality, which could lead to the disclosure of credentials in a trusted session.