Cognos Analytics Security Vulnerabilities and Issues — Cognos Analytics CVE List

Lucene search

IbmCognos Analytics

11 matches found

CVE•added 2021/06/01 2:15 p.m.•52 views

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.

5.4CVSS5.6AI score0.00184EPSS

CVE•added 2021/06/30 2:15 p.m.•47 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

6.5CVSS6.8AI score0.00193EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4653

5.4CVSS5.7AI score0.003EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

7.1CVSS7.5AI score0.0059EPSS

CVE•added 2021/06/01 2:15 p.m.•41 views

CVE-2020-4561

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

10CVSS8.8AI score0.00874EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4300

8.2CVSS8.6AI score0.00185EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

8.8CVSS8.6AI score0.0103EPSS

CVE•added 2021/06/01 2:15 p.m.•37 views

CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.

6.5CVSS6.7AI score0.00116EPSS

CVE•added 2021/06/01 2:15 p.m.•37 views

CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

4.3CVSS5.1AI score0.00162EPSS

CVE•added 2021/06/01 2:15 p.m.•36 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.5CVSS7.6AI score0.00355EPSS

CVE•added 2021/06/01 2:15 p.m.•34 views

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5CVSS6.6AI score0.00355EPSS