Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NetappOncommand Insight

968 matches found

CVE
CVEadded 2021/12/09 5:15 p.m.72 views

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

6.5CVSS6.5AI score0.00092EPSS
CVE
CVEadded 2022/04/22 5:15 p.m.71 views

CVE-2021-38904

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.

6.5CVSS6.8AI score0.00274EPSS
CVE
CVEadded 2024/04/16 10:15 p.m.71 views

CVE-2024-21101

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via mul...

2.2CVSS4.9AI score0.00096EPSS
CVE
CVEadded 2019/05/10 8:29 p.m.69 views

CVE-2019-5496

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

7.5CVSS7.1AI score0.00205EPSS
CVE
CVEadded 2021/10/20 11:16 a.m.69 views

CVE-2021-35583

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

7.5CVSS6.9AI score0.01522EPSS
CVE
CVEadded 2021/12/09 5:15 p.m.69 views

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.

5.5CVSS6.5AI score0.00057EPSS
CVE
CVEadded 2021/12/09 5:15 p.m.69 views

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS7.7AI score0.00053EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.68 views

CVE-2021-35621

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.7AI score0.38256EPSS
CVE
CVEadded 2022/01/19 12:15 p.m.68 views

CVE-2022-21380

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.6AI score0.05048EPSS
CVE
CVEadded 2018/05/07 1:29 p.m.64 views

CVE-2018-1413

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.

5.4CVSS6.2AI score0.00673EPSS
CVE
CVEadded 2022/04/22 5:15 p.m.64 views

CVE-2021-38905

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

4.3CVSS5.2AI score0.00172EPSS
CVE
CVEadded 2022/06/24 4:15 p.m.63 views

CVE-2021-38945

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

9.8CVSS9AI score0.00079EPSS
CVE
CVEadded 2021/03/11 4:15 p.m.61 views

CVE-2020-5025

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

8.4CVSS7.9AI score0.00306EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.61 views

CVE-2021-29823

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.

6.5CVSS6.4AI score0.0024EPSS
CVE
CVEadded 2019/12/20 5:15 p.m.60 views

CVE-2019-4231

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

4.3CVSS5.6AI score0.00178EPSS
CVE
CVEadded 2020/10/21 3:15 p.m.59 views

CVE-2020-14853

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Succ...

4.9CVSS4.4AI score0.00225EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.59 views

CVE-2021-39009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

5.5CVSS5AI score0.00105EPSS
CVE
CVEadded 2024/05/02 9:16 p.m.59 views

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

8.6CVSS6.5AI score0.00055EPSS
CVE
CVEadded 2022/06/24 4:15 p.m.58 views

CVE-2021-29768

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.

6.5CVSS6.1AI score0.00159EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.58 views

CVE-2021-35590

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.5CVSS5.6AI score0.28894EPSS
CVE
CVEadded 2021/06/02 12:15 p.m.57 views

CVE-2020-10771

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

7.1CVSS6.8AI score0.00085EPSS
CVE
CVEadded 2020/02/19 4:15 p.m.57 views

CVE-2020-4135

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

7.5CVSS7.2AI score0.00908EPSS
CVE
CVEadded 2021/10/20 11:16 a.m.57 views

CVE-2021-35584

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. ...

4.3CVSS3.9AI score0.00389EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.57 views

CVE-2021-35613

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful ...

4.3CVSS3.7AI score0.01008EPSS
CVE
CVEadded 2018/11/09 1:29 a.m.56 views

CVE-2018-1842

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

3.6CVSS5.1AI score0.00084EPSS
CVE
CVEadded 2021/07/21 3:15 p.m.54 views

CVE-2021-2411

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successfu...

4.3CVSS3.9AI score0.00905EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.54 views

CVE-2021-35592

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication se...

6.3CVSS5.6AI score0.39342EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.53 views

CVE-2022-36773

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

8.1CVSS7.9AI score0.00041EPSS
CVE
CVEadded 2022/12/20 9:15 p.m.53 views

CVE-2022-38733

OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.

8.6CVSS8.6AI score0.00093EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.52 views

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.

5.4CVSS5.6AI score0.00184EPSS
CVE
CVEadded 2021/03/11 4:15 p.m.52 views

CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.

7.5CVSS7.1AI score0.01607EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.52 views

CVE-2021-20468

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

6.5CVSS6.4AI score0.00072EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.52 views

CVE-2021-35598

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.6AI score0.39342EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.52 views

CVE-2021-35618

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

1.8CVSS2AI score0.00323EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.51 views

CVE-2021-35594

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.6AI score0.39342EPSS
CVE
CVEadded 2025/01/21 9:15 p.m.50 views

CVE-2025-21492

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.4AI score0.00074EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.49 views

CVE-2021-29867

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.

5.5CVSS5.5AI score0.00167EPSS
CVE
CVEadded 2021/10/20 11:17 a.m.49 views

CVE-2021-35593

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.6AI score0.39342EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.49 views

CVE-2021-39045

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

6.2CVSS5.2AI score0.00071EPSS
CVE
CVEadded 2018/01/29 4:29 p.m.48 views

CVE-2017-1779

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

7.8CVSS7.2AI score0.00103EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.48 views

CVE-2022-30614

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.

7.5CVSS7.3AI score0.0011EPSS
CVE
CVEadded 2021/06/30 2:15 p.m.47 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

6.5CVSS6.8AI score0.00193EPSS
CVE
CVEadded 2018/01/29 4:29 p.m.46 views

CVE-2017-1784

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

5.5CVSS5.4AI score0.00153EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.45 views

CVE-2021-29716

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.

6.5CVSS6.3AI score0.00361EPSS
CVE
CVEadded 2019/12/30 4:15 p.m.44 views

CVE-2019-4343

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

6.5CVSS6.4AI score0.00286EPSS
CVE
CVEadded 2020/04/27 2:15 p.m.44 views

CVE-2019-4729

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

4.3CVSS4.4AI score0.0013EPSS
CVE
CVEadded 2022/09/01 7:15 p.m.44 views

CVE-2020-4301

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

6.5CVSS6.4AI score0.00072EPSS
CVE
CVEadded 2021/03/11 4:15 p.m.44 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

5.1CVSS5.4AI score0.00086EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.43 views

CVE-2019-4653

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.

5.4CVSS5.7AI score0.003EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.43 views

CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

7.1CVSS7.5AI score0.0059EPSS
Total number of security vulnerabilities968