Cognos Analytics Security Vulnerabilities and Issues — Cognos Analytics CVE List

Lucene search

IbmCognos Analytics

11 matches found

CVE•added 2019/11/09 2:15 a.m.•162 views

CVE-2018-1721

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

8.8CVSS8.4AI score0.00485EPSS

CVE•added 2022/04/22 5:15 p.m.•81 views

CVE-2021-38886

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

8.8CVSS8.7AI score0.0018EPSS

CVE•added 2024/05/02 9:16 p.m.•59 views

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

8.6CVSS6.5AI score0.00055EPSS

CVE•added 2024/12/20 2:15 p.m.•55 views

CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be...

8CVSS7.9AI score0.00054EPSS

CVE•added 2022/09/01 7:15 p.m.•53 views

CVE-2022-36773

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

8.1CVSS7.9AI score0.00041EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4300

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.

8.2CVSS8.6AI score0.00185EPSS

CVE•added 2021/06/01 2:15 p.m.•39 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

8.8CVSS8.6AI score0.0103EPSS

CVE•added 2021/10/15 4:15 p.m.•39 views

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

8.8CVSS8.4AI score0.00721EPSS

CVE•added 2021/10/15 4:15 p.m.•38 views

CVE-2021-29745

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

8.8CVSS8.4AI score0.0024EPSS

CVE•added 2021/12/03 5:15 p.m.•37 views

CVE-2021-29756

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.

8.8CVSS8.8AI score0.00155EPSS

CVE•added 2020/10/12 2:15 p.m.•34 views

CVE-2020-4388

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.

8.2CVSS8.2AI score0.00202EPSS