This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.8.0 GA as well as 11.0.7.0 and 11.0.6.0 Interim Fixes.
CVEID: CVE-2017-1783
DESCRIPTION: IBM Cognos Analytics could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2017-1779
DESCRIPTION: IBM Cognos Analytics could store cached credentials locally that could be obtained by a local user.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136824 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-1784
DESCRIPTION: IBM Cognos Analytics could produce results in temporary files that contain highly sensitive information that can be read by a local user.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136858 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Cognos Analytics Version 11.0.0.0 to 11.0.7.0
IBM Cognos Analytics 11.0.8.0
IBM Cognos Analytics 11.0.7.0 Interim Fix 1
IBM Cognos Analytics 11.0.6.0 Interim Fix 3
None