Cognos Analytics Security Vulnerabilities and Issues — Cognos Analytics CVE List

Lucene search

IbmCognos Analytics

11 matches found

CVE•added 2019/11/09 2:15 a.m.•122 views

CVE-2019-4334

IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

4.3CVSS5AI score0.00272EPSS

CVE•added 2024/02/26 4:27 p.m.•93 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

4.3CVSS4.5AI score0.00043EPSS

CVE•added 2022/04/22 5:15 p.m.•80 views

CVE-2021-29824

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.

4.3CVSS5.3AI score0.00224EPSS

CVE•added 2022/04/22 5:15 p.m.•64 views

CVE-2021-38905

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

4.3CVSS5.2AI score0.00172EPSS

CVE•added 2019/12/20 5:15 p.m.•60 views

CVE-2019-4231

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

4.3CVSS5.6AI score0.00178EPSS

CVE•added 2020/04/27 2:15 p.m.•44 views

CVE-2019-4729

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

4.3CVSS4.4AI score0.0013EPSS

CVE•added 2021/10/15 4:15 p.m.•42 views

CVE-2020-4951

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

4CVSS3.9AI score0.00068EPSS

CVE•added 2018/01/29 4:29 p.m.•41 views

CVE-2017-1783

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

4CVSS4.7AI score0.00086EPSS

CVE•added 2020/08/03 1:15 p.m.•38 views

CVE-2019-4589

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

4.6CVSS6.1AI score0.00082EPSS

CVE•added 2021/06/01 2:15 p.m.•37 views

CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

4.3CVSS5.1AI score0.00162EPSS

CVE•added 2016/07/02 2:59 p.m.•36 views

CVE-2016-0398

IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.

4.3CVSS4.7AI score0.00218EPSS