Cognos Analytics@11.2.4 Security Vulnerabilities and Issues — Cognos Analytics@11.2.4 CVE List

Lucene search

IbmCognos Analytics11.2.4

22 matches found

CVE•added 2024/02/26 4:27 p.m.•131 views

CVE-2022-34357

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other...

6.5CVSS6.3AI score0.00094EPSS

CVE•added 2024/02/26 4:27 p.m.•93 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

4.3CVSS4.5AI score0.00043EPSS

CVE•added 2024/09/22 1:15 p.m.•93 views

CVE-2024-40703

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks aga...

5.5CVSS4.9AI score0.00021EPSS

CVE•added 2024/02/26 4:27 p.m.•90 views

CVE-2023-30996

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

5.3CVSS5AI score0.00096EPSS

CVE•added 2024/02/26 4:27 p.m.•88 views

CVE-2023-43051

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 26...

5.4CVSS5.2AI score0.00135EPSS

CVE•added 2024/02/26 4:27 p.m.•86 views

CVE-2023-38359

6.1CVSS5.8AI score0.00114EPSS

CVE•added 2023/07/22 2:15 a.m.•69 views

CVE-2023-25929

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.

5.4CVSS4.9AI score0.00157EPSS

CVE•added 2024/12/20 2:15 p.m.•68 views

CVE-2024-51466

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a ...

9CVSS9.1AI score0.00195EPSS

CVE•added 2023/08/16 11:15 p.m.•62 views

CVE-2023-35011

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.

5.4CVSS5.3AI score0.00039EPSS

CVE•added 2024/05/02 9:16 p.m.•59 views

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

8.6CVSS6.5AI score0.00055EPSS

CVE•added 2024/12/20 2:15 p.m.•55 views

CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be...

8CVSS7.9AI score0.00054EPSS

CVE•added 2023/07/22 2:15 a.m.•52 views

CVE-2023-28530

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. ...

5.4CVSS5.7AI score0.00099EPSS

CVE•added 2025/02/05 11:15 a.m.•51 views

CVE-2024-49352

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resou...

7.1CVSS6.8AI score0.00387EPSS

CVE•added 2023/08/16 11:15 p.m.•50 views

CVE-2023-35009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

5.3CVSS5.1AI score0.00077EPSS

CVE•added 2024/06/28 7:15 p.m.•48 views

CVE-2024-25041

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.

5.4CVSS5.5AI score0.00058EPSS

CVE•added 2025/02/28 3:15 a.m.•47 views

CVE-2025-0823

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.4AI score0.00077EPSS

CVE•added 2024/06/28 7:15 p.m.•46 views

CVE-2024-25053

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path betw...

5.9CVSS5.5AI score0.00048EPSS

CVE•added 2025/02/28 3:15 a.m.•42 views

CVE-2024-56340

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

6.5CVSS6.6AI score0.00537EPSS

CVE•added 2025/06/11 6:15 p.m.•38 views

CVE-2025-25032

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

7.5CVSS6.7AI score0.0003EPSS

CVE•added 2025/06/11 6:15 p.m.•37 views

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

5.3CVSS7.1AI score0.00037EPSS

CVE•added 2025/06/11 6:15 p.m.•36 views

CVE-2025-0917

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...

5.5CVSS6.3AI score0.00029EPSS

CVE•added 2025/06/28 1:15 a.m.•11 views

CVE-2024-52900

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di...

6.4CVSS5.8AI score0.00027EPSS