Multiple vulnerabilities in IBM Cognos Analytics have been addressed. A vulnerabiltiy has been addressed in the following 3rd party software component that is consumed by IBM Cognos Analytics: Apache PDFBox. An vulnerability where sensitive information when a detailed technical error message is returned in the browser has also been addressed.
CVEID:CVE-2018-11797
**DESCRIPTION:**Apache PDFBox is vulnerable to a denial of service, caused by a flaw when parsing the page tree. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150898 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2019-4729
**DESCRIPTION:**IBM Cognos Analytixs could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Cognos Analytics 11.1
IBM Cognos Analytics 11.0
The recommended solution is to apply the fix for the versions listed as soon as practical.
IBM Cognos Analytics 11.0.13 Fix Pack 3
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cognos analytics | eq | 11.1 | |
ibm cognos analytics | eq | 11.0 |