Lucene search

Ibm Cognos Business Intelligence 10.2

9 matches found

CVE
added 2017/02/01 10:59 p.m., 47 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security co...

5.4 CVSS | 7.4 AI score | 0.00158 EPSS
CVE
added 2017/06/07 5:29 p.m., 42 views

CVE-2016-0254

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service...

6.8 CVSS | 7.5 AI score | 0.00488 EPSS
CVE
added 2017/04/17 9:59 p.m., 40 views

CVE-2016-3037

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.

5.7 CVSS | 6.2 AI score | 0.00266 EPSS
CVE
added 2017/06/07 5:29 p.m., 40 views

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340.

3.3 CVSS | 5.4 AI score | 0.00054 EPSS
CVE
added 2017/04/17 9:59 p.m., 36 views

CVE-2016-3036

IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.

7.5 CVSS | 7.9 AI score | 0.01175 EPSS
CVE
added 2017/04/17 9:59 p.m., 36 views

CVE-2016-3038

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.

5.4 CVSS | 5.6 AI score | 0.00227 EPSS
CVE
added 2017/03/27 10:59 p.m., 35 views

CVE-2016-8960

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.

8.8 CVSS | 8.4 AI score | 0.00526 EPSS
CVE
added 2017/06/07 5:29 p.m., 35 views

CVE-2016-9710

IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.

5.3 CVSS | 6.6 AI score | 0.00234 EPSS
CVE
added 2017/03/08 7:59 p.m., 30 views

CVE-2016-9985

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

5.5 CVSS | 6.8 AI score | 0.00048 EPSS