42 matches found
Security Bulletin: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)
Summary Several security vulnerabilities have been identified in IBM Cognos BI which may allowing remote attackers to: - Cause a denial of service condition via excessive CPU consumption, - Inject arbitrary JavaScript code into the victim's web browser, - Download arbitrary XML files from the...
Security Bulletin: IBM Cognos BI 8.4 Partial Denial of Service Vulnerability
Abstract A malicious IBM Cognos BI 8.4 user is able to send a crafted request to the Cognos server which triggers high CPU utilization that may cause a partial denial of service condition due to CPU consumption. This vulnerability can only be exploited by authenticated users, and is not applicabl...
Security Bulletin: Information Disclosure in Cognos Business Intelligence (Cognos BI) shipped with Tivoli Common Reporting (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)
Summary IBM Tivoli Common Reporting TCR interim fixes address Security Vulnerabilities CVE-2019-1547, CVE-2019-1549, CVE-2019-1563 Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to...
Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence...
Security Bulletin: COGNOS DIRECT INTEGRATION ACCESS REMAINS OPEN AFTER CLOSING MAXIMO SESSION (CVE-2014-6102)
Summary IBM Maximo Asset Management could allow a user to access Cognos BI even after the Maximo session is closed. Vulnerability Details CVE-ID: CVE-2014-6102 DESCRIPTION: IBM Maximo Asset Management could allow a local user to bypass security on another user's Maximo session due to it improperl...
Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681)
Summary The Rational Insight is shipped with a version of the IBM WebSphere Application Server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence
Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is vulnerable to a denial of...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight
Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence
Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remot...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)
Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HT...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)
Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, cause...
Security Bulletin: A vulnerability in Apache Tomcat affects Rational Reporting for Development Intelligence (CVE-2015-5174)
Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2015-5174 DESCRIPTION: Apache Tomcat could allow a remot...
Security Bulletin: A vulnerability in IBM Java SDK affects Rational Insight (CVE-2016-3427)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. The issue was disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified vulnerability related to the JMX...
Security Bulletin: A vulnerability in IBM Java SDK affects Rational Reporting for Development Intelligence (CVE-2016-3427)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence RRDI. The issue was disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in Apache Commons affects Rational Insight (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a...
Security Bulletin: Vulnerability in Diffie-Hellman cipher affects Rational Insight (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker ...
Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities. IBM Cognos Business Intelligence has addressed a vulnerability where sensitive information can be revealed in its logs files. There is a vulnerabilitiy in IBM® WebSphere Application Server Liberty. Liberty is used by IBM Cognos...
Security Bulletin: IBM Cognos Business Intelligence Server 2016Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Business Intelligence (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Cognos Business Intelligence Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in July 2014. OpenSSL vulnerabilities along with SSL 3 Fallback protection...