Cognos Business Intelligence Security Vulnerabilities and Issues — Cognos Business Intelligence CVE List

Lucene search

IbmCognos Business Intelligence

10 matches found

CVE•added 2017/02/01 10:59 p.m.•47 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security co...

5.4CVSS7.4AI score0.00158EPSS

CVE•added 2013/03/05 5:2 a.m.•44 views

CVE-2012-4840

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors.

5CVSS7AI score0.00248EPSS

CVE•added 2016/07/03 9:59 p.m.•41 views

CVE-2016-0346

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5AI score0.00241EPSS

CVE•added 2017/04/17 9:59 p.m.•40 views

CVE-2016-3037

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.

5.7CVSS6.2AI score0.00266EPSS

CVE•added 2016/07/03 9:59 p.m.•38 views

CVE-2016-0221

Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS6AI score0.00241EPSS

CVE•added 2017/04/17 9:59 p.m.•36 views

CVE-2016-3038

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.

5.4CVSS5.6AI score0.00227EPSS

CVE•added 2017/06/07 5:29 p.m.•35 views

CVE-2016-9710

IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.

5.3CVSS6.6AI score0.00234EPSS

CVE•added 2013/11/18 3:55 a.m.•34 views

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.

5CVSS8.9AI score0.01207EPSS

CVE•added 2014/02/22 9:55 p.m.•30 views

CVE-2014-0854

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an e...

5CVSS8.6AI score0.00217EPSS

CVE•added 2017/03/08 7:59 p.m.•30 views

CVE-2016-9985

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

5.5CVSS6.8AI score0.00048EPSS