Cognos Analytics Security Vulnerabilities and Issues — Cognos Analytics CVE List

Lucene search

IbmCognos Analytics

34 matches found

CVE•added 2024/09/22 1:15 p.m.•93 views

CVE-2024-40703

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks aga...

5.5CVSS4.9AI score0.00021EPSS

CVE•added 2024/02/26 4:27 p.m.•90 views

CVE-2023-30996

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

5.3CVSS5AI score0.00096EPSS

CVE•added 2024/02/26 4:27 p.m.•88 views

CVE-2023-43051

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 26...

5.4CVSS5.2AI score0.00135EPSS

CVE•added 2022/04/22 5:15 p.m.•77 views

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the sec...

5.4CVSS6.2AI score0.00145EPSS

CVE•added 2022/04/22 5:15 p.m.•76 views

CVE-2021-38946

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 21...

5.4CVSS5.6AI score0.00686EPSS

CVE•added 2019/09/17 7:15 p.m.•75 views

CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.

5.4CVSS5.6AI score0.00229EPSS

CVE•added 2019/12/20 5:15 p.m.•70 views

CVE-2019-4555

IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.

5.4CVSS5.6AI score0.00345EPSS

CVE•added 2023/07/22 2:15 a.m.•69 views

CVE-2023-25929

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.

5.4CVSS4.9AI score0.00157EPSS

CVE•added 2018/05/07 1:29 p.m.•64 views

CVE-2018-1413

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.

5.4CVSS6.2AI score0.00673EPSS

CVE•added 2023/08/16 11:15 p.m.•62 views

CVE-2023-35011

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.

5.4CVSS5.3AI score0.00039EPSS

CVE•added 2019/05/29 3:29 p.m.•61 views

CVE-2019-4139

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1583...

5.4CVSS5.2AI score0.00282EPSS

CVE•added 2022/09/01 7:15 p.m.•59 views

CVE-2021-39009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

5.5CVSS5AI score0.00105EPSS

CVE•added 2022/12/19 9:15 p.m.•56 views

CVE-2022-43887

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

5.3CVSS5AI score0.00066EPSS

CVE•added 2021/06/01 2:15 p.m.•52 views

CVE-2020-4354

5.4CVSS5.6AI score0.00184EPSS

CVE•added 2023/07/22 2:15 a.m.•52 views

CVE-2023-28530

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. ...

5.4CVSS5.7AI score0.00099EPSS

CVE•added 2023/08/16 11:15 p.m.•50 views

CVE-2023-35009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

5.3CVSS5.1AI score0.00077EPSS

CVE•added 2021/12/03 5:15 p.m.•49 views

CVE-2021-29867

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.

5.5CVSS5.5AI score0.00167EPSS

CVE•added 2024/06/28 7:15 p.m.•48 views

CVE-2024-25041

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.

5.4CVSS5.5AI score0.00058EPSS

CVE•added 2018/01/29 4:29 p.m.•46 views

CVE-2017-1784

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

5.5CVSS5.4AI score0.00153EPSS

CVE•added 2024/06/28 7:15 p.m.•46 views

CVE-2024-25053

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path betw...

5.9CVSS5.5AI score0.00048EPSS

CVE•added 2017/02/01 10:59 p.m.•45 views

CVE-2016-0217

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web brow...

5.4CVSS6.2AI score0.00158EPSS

CVE•added 2017/04/05 6:59 p.m.•45 views

CVE-2016-3015

5.4CVSS5.2AI score0.00258EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4653

5.4CVSS5.7AI score0.003EPSS

CVE•added 2017/08/29 9:29 p.m.•42 views

CVE-2017-1485

5.4CVSS5.6AI score0.00198EPSS

CVE•added 2017/05/10 2:29 p.m.•41 views

CVE-2016-3032

5.4CVSS5.2AI score0.00243EPSS

CVE•added 2021/12/03 5:15 p.m.•41 views

CVE-2021-38909

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

5.4CVSS5.3AI score0.0031EPSS

CVE•added 2020/08/03 1:15 p.m.•40 views

CVE-2019-4366

IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.

5.3CVSS5.6AI score0.00124EPSS

CVE•added 2017/04/05 6:59 p.m.•39 views

CVE-2016-3031

5.4CVSS5.2AI score0.00258EPSS

CVE•added 2021/12/03 5:15 p.m.•39 views

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091

5.3CVSS5.4AI score0.00202EPSS

CVE•added 2018/03/22 12:29 p.m.•38 views

CVE-2016-9711

IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

5.3CVSS5.8AI score0.00191EPSS

CVE•added 2019/12/30 4:15 p.m.•37 views

CVE-2019-4623

5.4CVSS5.4AI score0.00211EPSS

CVE•added 2025/06/11 6:15 p.m.•37 views

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

5.3CVSS7.1AI score0.00037EPSS

CVE•added 2017/08/29 9:29 p.m.•36 views

CVE-2017-1535

5.4CVSS5.3AI score0.00269EPSS

CVE•added 2025/06/11 6:15 p.m.•36 views

CVE-2025-0917

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...

5.5CVSS6.3AI score0.00029EPSS