Cognos Analytics Security Vulnerabilities and Issues — Cognos Analytics CVE List

Lucene search

IbmCognos Analytics

10 matches found

CVE•added 2019/09/17 7:15 p.m.•84 views

CVE-2019-4183

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

7.8CVSS7.6AI score0.01142EPSS

CVE•added 2022/12/19 9:15 p.m.•54 views

CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

7.5CVSS6.8AI score0.00054EPSS

CVE•added 2025/02/05 11:15 a.m.•52 views

CVE-2024-49352

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resou...

7.1CVSS6.8AI score0.00387EPSS

CVE•added 2018/01/29 4:29 p.m.•48 views

CVE-2017-1779

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

7.8CVSS7.2AI score0.00103EPSS

CVE•added 2022/09/01 7:15 p.m.•48 views

CVE-2022-30614

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.

7.5CVSS7.3AI score0.0011EPSS

CVE•added 2021/06/01 2:15 p.m.•43 views

CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

7.1CVSS7.5AI score0.0059EPSS

CVE•added 2025/06/11 6:15 p.m.•39 views

CVE-2025-25032

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

7.5CVSS6.7AI score0.0003EPSS

CVE•added 2021/06/01 2:15 p.m.•36 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.5CVSS7.6AI score0.00355EPSS

CVE•added 2021/12/03 5:15 p.m.•36 views

CVE-2021-20470

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

7.5CVSS7.4AI score0.00256EPSS

CVE•added 2021/06/01 2:15 p.m.•34 views

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5CVSS6.6AI score0.00355EPSS