7666 matches found
CVE-2017-1125
CVE-2017-1125 affects IBM Cognos Analytics 10.1 and 10.2, allowing a local user to craft a URL that confirms existence of and excerpts from a file on the server (information disclosure). Root cause is a URL-based confirmation/exposure mechanism for local files. Impact is partial confidentiality l...
HackerOne: Invitation tokens leak to Google Analytics
Hi, While testing I have noticed that the HackerOne invitation token gets exposed to google-analytics.com. How? Here, look at the photo- ████████ We can see that the request payload is exposing the invitation token and it's not filtered like this one- ███████ And this is what Google does with their...
IBM Cognos Business Intelligence Server Cognos Analytics Information Disclosure Vulnerability
IBM Cognos Business Intelligence Server is a suite of business intelligence and performance management solutions from IBM in the United States. The solution reports, analyzes, monitors and evaluates business data. Cognos Analytics is one of the data mining and analysis components. An information...
A Growing Symphony of Security Analytics Tools Needs Careful Orchestration
Security analytics tools available to companies are increasing rapidly. However, cyber incident and vulnerability prevention, detection, response, and recovery times remain significant challenges as the types of attacks and attack vectors increase. Newer cyber analytics using machine learning are...
SA150: NSS Vulnerability April 2017
SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to a security vulnerability. A remote attacker can send crafted Base64-encoded data and execute arbitrary code or cause denial of service through an application crash. AFFECTED PRODUCTS The following...
Multiple SAP Products 'DBISQL' Information Disclosure Vulnerability
SAP SQL Anywhere is a product of SAP, Germany. SQL Anywhere is an out-of-the-box database solution with enterprise-class features. SAP IQ is an analytics server designed for analytics, data warehousing, and business intelligence environments. SAP ASE is a database management platform. An information...
Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It
Is your router collecting data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects the router's analytics data and sends it to the company's server. For now, the company has rolled out the...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2017-10389)
IBM Cognos Analytics, formerly known as Cognos BI, is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site...
TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace SQL Injection Vulnerabilities
TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace are both products of the US-based TIBCO Software. The former is a set of TIBCO Spotfire data analysis and mining tools based on TIBCO Spotfire for enterprises to provide integration, operation and management of the platform...
CVE-2016-3032
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...
Cross site scripting
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...
CVE-2016-3032
CVE-2016-3032 affects IBM Cognos Analytics 11.0.0.0 and later. The vulnerability is a cross-site scripting (XSS) flaw allowing an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM bulletin indicates no remediation...
CVE-2017-5527
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...
Sql injection
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...
CVE-2017-5527
The provided data confirms a SQL injection issue affecting TIBCO Spotfire products. Affected: Spotfire Server versions 7.0.x before 7.0.2; 7.5.x before 7.5.1; 7.6.x before 7.6.1; 7.7.x before 7.7.1; 7.8.x before 7.8.1; Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier. Description...
SIEM Security Tools: Four Expensive Misconceptions
Why modern SIEM security solutions can save you from data and cost headaches. If you want to reliably detect attacks across your organization, you need to see all of the activity that's happening on your network. More importantly, that activity needs to be filtered and prioritized by risk -- acros...