Cognos Analytics@11.0.0 Security Vulnerabilities and Issues — Cognos Analytics@11.0.0 CVE List

Lucene search

IbmCognos Analytics11.0.0

34 matches found

CVE•added 2019/11/09 2:15 a.m.•162 views

CVE-2018-1721

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

8.8CVSS8.4AI score0.00485EPSS

CVE•added 2019/11/09 2:15 a.m.•139 views

CVE-2019-4645

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.

6.1CVSS6AI score0.00329EPSS

CVE•added 2019/11/09 2:15 a.m.•122 views

CVE-2019-4334

IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

4.3CVSS5AI score0.00272EPSS

CVE•added 2019/09/17 7:15 p.m.•84 views

CVE-2019-4183

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

7.8CVSS7.6AI score0.01142EPSS

CVE•added 2019/09/17 7:15 p.m.•75 views

CVE-2019-4342

5.4CVSS5.6AI score0.00229EPSS

CVE•added 2019/05/29 3:29 p.m.•61 views

CVE-2019-4139

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1583...

5.4CVSS5.2AI score0.00282EPSS

CVE•added 2021/06/01 2:15 p.m.•52 views

CVE-2020-4354

5.4CVSS5.6AI score0.00184EPSS

CVE•added 2018/01/29 4:29 p.m.•48 views

CVE-2017-1779

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

7.8CVSS7.2AI score0.00103EPSS

CVE•added 2018/01/29 4:29 p.m.•46 views

CVE-2017-1784

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

5.5CVSS5.4AI score0.00153EPSS

CVE•added 2017/02/01 10:59 p.m.•45 views

CVE-2016-0217

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web brow...

5.4CVSS6.2AI score0.00158EPSS

CVE•added 2017/04/05 6:59 p.m.•45 views

CVE-2016-3015

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.

5.4CVSS5.2AI score0.00258EPSS

CVE•added 2019/12/30 4:15 p.m.•44 views

CVE-2019-4343

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

6.5CVSS6.4AI score0.00286EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4653

5.4CVSS5.7AI score0.003EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

7.1CVSS7.5AI score0.0059EPSS

CVE•added 2017/08/29 9:29 p.m.•42 views

CVE-2017-1485

5.4CVSS5.6AI score0.00198EPSS

CVE•added 2017/05/10 2:29 p.m.•41 views

CVE-2016-3032

5.4CVSS5.2AI score0.00243EPSS

CVE•added 2018/01/29 4:29 p.m.•41 views

CVE-2017-1783

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

4CVSS4.7AI score0.00086EPSS

CVE•added 2021/06/01 2:15 p.m.•41 views

CVE-2020-4561

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

10CVSS8.8AI score0.00874EPSS

CVE•added 2020/08/03 1:15 p.m.•40 views

CVE-2019-4366

IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.

5.3CVSS5.6AI score0.00124EPSS

CVE•added 2017/04/05 6:59 p.m.•39 views

CVE-2016-3031

5.4CVSS5.2AI score0.00258EPSS

CVE•added 2017/08/29 9:29 p.m.•39 views

CVE-2017-1427

6.1CVSS6AI score0.00285EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4300

8.2CVSS8.6AI score0.00185EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

8.8CVSS8.6AI score0.0103EPSS

CVE•added 2018/03/22 12:29 p.m.•38 views

CVE-2016-9711

IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

5.3CVSS5.8AI score0.00191EPSS

CVE•added 2017/08/29 9:29 p.m.•38 views

CVE-2017-1428

IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. ...

6.1CVSS6.7AI score0.00257EPSS

CVE•added 2020/08/03 1:15 p.m.•38 views

CVE-2019-4589

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

4.6CVSS6.1AI score0.00082EPSS

CVE•added 2021/06/01 2:15 p.m.•37 views

CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.

6.5CVSS6.7AI score0.00116EPSS

CVE•added 2019/12/30 4:15 p.m.•37 views

CVE-2019-4623

5.4CVSS5.4AI score0.00211EPSS

CVE•added 2021/06/01 2:15 p.m.•37 views

CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

4.3CVSS5.1AI score0.00162EPSS

CVE•added 2016/07/02 2:59 p.m.•36 views

CVE-2016-0398

IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.

4.3CVSS4.7AI score0.00218EPSS

CVE•added 2017/08/29 9:29 p.m.•36 views

CVE-2017-1535

5.4CVSS5.3AI score0.00269EPSS

CVE•added 2021/06/01 2:15 p.m.•36 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.5CVSS7.6AI score0.00355EPSS

CVE•added 2020/08/03 1:15 p.m.•35 views

CVE-2020-4377

IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.

9.1CVSS8.9AI score0.00606EPSS

CVE•added 2021/06/01 2:15 p.m.•34 views

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5CVSS6.6AI score0.00355EPSS