971 matches found
CVE-2021-38946
IBM Cognos Analytics 11.1.7, 11.2.0 (and 11.1.x affected streams) are affected by CVE-2021-38946, a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted session. Concretely, multiple sources note the vul...
CVE-2020-10771
The CVE-2020-10771 entry describes a CSRF vulnerability in Infinispan 10: REST endpoints can be exploited via GET requests to perform actions with side effects. This is documented in the NVD entry and mirrored in Red Hat advisories (RHSA) tying the issue to Infinispan REST GET-action handling. Im...
CVE-2021-29678
CVE-2021-29678 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5. A user with DBADM authority could access other databases and read or modify files, indicating an information disclosure vulnerability. The connected IBM bulletins en...
CVE-2021-38904
IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by CVE-2021-38904, an information-disclosure flaw that could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. The root cause involves browser-autocomplete behavior rather than code executio...
CVE-2021-38931
CVE-2021-38931 affects IBM Db2 for Linux, UNIX and Windows (11.1 and 11.5) where a connected user can perform indirect reads on a table they are not authorized to access, causing information disclosure. The Connected documents consistently describe this as part of DB2 vulnerabilities across IBM p...
CVE-2021-39047
CVE-2021-39047 affects IBM Planning Analytics 2.0 and IBM Cognos Analytics (11.1.x–11.2.x). The issue is a cross-site scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediat...
CVE-2021-38926
CVE-2021-38926 : IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to modification of columns of existing tasks. The concrete root cause is the ability to modify task columns, leading to privilege...
CVE-2021-39002
CVE-2021-39002 affects IBM DB2 for Linux/UNIX/Windows (incl. DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, 11.5. Description: weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Impact: information disclosure. Affected products appe...
CVE-2019-4342
CVE-2019-4342 affects IBM Cognos Analytics 11.0 and 11.1. The vulnerability is a cross-site scripting flaw in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Exploitation status is not provided in the docume...
CVE-2024-21101
CVE-2024-21101 affects Oracle MySQL Cluster (Cluster: General) across multiple releases: 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior, and 8.3.0 and prior. The vulnerability allows a high-privileged attacker with network access via multiple protocols to obtain unauthorized read access to ...
CVE-2021-35598
CVE-2021-35598 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. The vulnerability allows a highly privileged attacker with access to the hardware’s physical communication segment to take over the MySQL Clus...
CVE-2021-35621
CVE-2021-35621 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster releases 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, 8.0.26 and earlier. Root cause: a vulnerability in the Cluster: General component could let a highly privileged attacker, with access to the...
CVE-2024-21262
CVE-2024-21262 (MySQL Connectors, Connector/ODBC) Vulnerability in Oracle MySQL Connectors (Connector/ODBC) affecting 9.0.0 and earlier. Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, potentially causing unauthorized updates/inserts/deletes to...
CVE-2021-38905
CVE-2021-38905 affects IBM Cognos Analytics 11.1.7, 11.2.0 (and related 11.1.x) where an authenticated user could view report pages they should not access due to a access-control vulnerability. Remediate by upgrading to IBM Cognos Analytics 11.2.2 or applying the 11.1.7 FP9/IF9 fixes; IBM notes r...
CVE-2024-25047
IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...
CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...
CVE-2021-39009
Summary: CVE-2021-39009 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1, where user credentials are stored in plain text and readable by a local privileged user. The IBM bulletin confirms remediation: upgrade to IBM Cognos Analytics 11.2.3 or apply FP5 for 11.1.x to address this issue. Th...
CVE-2020-14853
CVE-2020-14853 (MySQL Cluster, NDBCluster Plugin) is confirmed in multiple connected sources as a vulnerability affecting Oracle MySQL’s MySQL Cluster with affected versions 8.0.21 and earlier. The flaw can be exploited by a low-privilege, network-accessible attacker via multiple protocols. Succe...
CVE-2021-38945
Summary of CVE-2021-38945 (IBM Cognos Analytics) Affects IBM Cognos Analytics versions 11.2.1, 11.2.0 and 11.1.7 (shipped with IBM Sterling Control Center) where a remote attacker could upload arbitrary files due to improper content validation on uploads. This is the root cause: lack of proper va...
CVE-2018-1413
CVE-2018-1413 affects IBM Cognos Analytics 11.0, with cross-site scripting via the Web UI that could lead to credentials disclosure in a trusted session. IBM IBM Cognos Bulletins/NTAP references confirm the vulnerability and list 11.0.11.0 as the fixed release. Remediation: upgrade to IBM Cognos ...
CVE-2021-35590
CVE-2021-35590 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. Root cause: input validation error in MySQL Cluster. Impact: high-privilege attacker with access to the hardware communication segment can tak...
CVE-2020-4135
CVE-2020-4135 affects IBM DB2 on Linux/UNIX/Windows (including DB2 Connect Server) across 9.7, 10.1, 10.5, 11.1, 11.5. An unauthenticated attacker could send specially crafted packets to cause denial of service via excessive memory usage. Public materials confirm impact as a network-accessible Do...
CVE-2020-5025
CVE-2020-5025 affects IBM DB2 LUW (Linux/UNIX/Windows) and DB2 Connect Server versions 9.7, 10.1, 10.5, 11.1, and 11.5. The vulnerability is a buffer overflow caused by improper bounds checking in db2fm, enabling a local attacker to execute arbitrary code with root privileges. Public sources in I...
CVE-2021-35613
CVE-2021-35613 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster 8.0.26 and earlier. An unauthenticated attacker with network access via multiple protocols can compromise MySQL Cluster, resulting in a partial denial of service. The initial description provides CVSS details ...
CVE-2021-20468
CVE-2021-20468 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 and is a cross-site request forgery (CSRF) vulnerability. The issue could allow an attacker to perform malicious, unauthorized actions transmitted from a trusted user’s session. IBM X-Force ID: 196825. According to IBM’s secur...
CVE-2021-29768
CVE-2021-29768 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1, allowing a low-privilege user to obtain sensitive information from the details of the Cloud Storage page due to faulty access controls. Remediation per connected IBM/NCSC sources: upgrade to Cognos Analytics 11.2.2 or apply 1...
CVE-2021-29823
IBM Cognos Analytics (versions 11.1.0–11.1.7 FP4 and 11.2.0–11.2.2) is affected by CSRF (CVE-2021-29823). The root cause is cross-site requests that could perform malicious, unauthorised actions on behalf of trusted users. Remediation: upgrade to 11.2.3 or apply the documented fixes (11.1.7 FP5)....
CVE-2021-35584
CVE-2021-35584 affects Oracle MySQL Cluster (Cluster: ndbcluster/plugin DDL). Affected: MySQL Cluster 8.0.26 and prior. The vulnerability is described as easily exploitable with network access from multiple protocols by a low-privilege attacker, potentially causing partial denial of service to My...
CVE-2019-4231
CVE-2019-4231 affects IBM Cognos Analytics 11.0 and 11.1. The issue is a Cross-Site Request Forgery (CSRF) that could enable an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The description provided indicates the vulnerability arises from a web application that ...
CVE-2019-4653
CVE-2019-4653 affects IBM Cognos Analytics 11.0 and 11.1. A cross-site scripting (XSS) vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The entry is supported by the NVD description and related referenc...
CVE-2018-1842
The CVE-2018-1842 issue affects IBM Cognos Analytics 11 Configuration tool. The root cause is a bypass of OIDC namespace signature verification on the id_token under certain conditions. This leads to a potential security impact where token validation may be weakened, allowing an attacker to explo...
CVE-2021-2411
CVE-2021-2411 affects Oracle MySQL Cluster (Cluster: JS module) with affected versions 8.0.25 and earlier. The vulnerability is exploitable by an unauthenticated attacker over network via multiple protocols, leading to partial denial of service of MySQL Cluster. The connected sources confirm the ...
CVE-2021-35592
CVE-2021-35592 concerns Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster versions 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. Root cause: vulnerability in the Cluster: General component that enables a high privileged attacker with access to the hardware’s physical co...
CVE-2021-35593
CVE-2021-35593 corresponds to a vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. The issue is described as difficult to exploit, requiring high-privilege access in the physical network segme...
CVE-2021-35594
CVE-2021-35594 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, and 8.0.26 and earlier. Root cause per description: a vulnerability that is difficult to exploit, exploitable by a highly privileged attacker with access ...
CVE-2021-35618
CVE-2021-35618 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.26 and earlier. The vulnerability in the Cluster General component can permit a highly privileged attacker with physical access to the hardware communication segment to cause partial DoS on MySQL Cluster; ex...
CVE-2020-5024
Summary of CVE-2020-5024 details from provided documents : IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. This is a remote/...
CVE-2021-29867
The CVE-2021-29867 vulnerability affects IBM Cognos Analytics 11.1.7 and 11.2.0, where an authenticated user could view or edit a Jupyter notebook they should not access. Root cause details aren’t explicitly stated in the provided documents, but the NVD entry lists a CVSS v3.1 base score of 5.4 (...
CVE-2022-36773
The CVE-2022-36773 entry concerns IBM Cognos Analytics versions 11.1.7, 11.2.0, and 11.2.1 that are vulnerable to an XML External Entity (XXE) injection when processing XML data. The root cause is an XXE flaw in XML data handling, which could allow a remote attacker to read sensitive information ...
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-39045 due to the autocomplete feature on password input fields, which could allow a local attacker to obtain information. The issue is rooted in how password fields handle autocomplete, enabling potential exposure of credent...
CVE-2019-4729
IBM Cognos Analytics versions 11.0 and 11.1 are affected by a vulnerability that allows a remote attacker to obtain sensitive information through detailed error messages returned in the browser, enabling information disclosure. Root cause: leakage via verbose technical error messages. Affected pr...
CVE-2020-4354
IBM Cognos Analytics 11.0 and 11.1 are affected by a cross-site scripting vulnerability stemming from insufficient validation of client data, enabling embedding of arbitrary JavaScript in the Web UI and potentially exposing credentials within a trusted session. Connected sources describe the issu...
CVE-2022-30614
Affected software: IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1. Vulnerability: Denial of Service via email flooding by sending a specially-crafted request, causing server CPU exhaustion. Root cause / component: DoS condition triggered through email handling (as described in the CVE entry and IBM ...
CVE-2025-21492
CVE-2025-21492 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.36 and prior, and 8.4.0. Description: vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent, repeatable crash (complete DoS) of MySQL Serv...
CVE-2020-4301
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2020-4301). The IBM bulletin confirms CSRF as the underlying issue and notes that fixes have been applied in later releases: 11.2.3 for the 11.2 line and FP5 for 11.1.7. Affected...
CVE-2021-20461
CVE-2021-20461 affects IBM Cognos Analytics 10.0 and 11.1, where a weakness in the System Appearance configuration may allow an attacker to bypass business logic and alter the application's appearance/behavior. Connected sources confirm the root cause (System Appearance implementation issue) and ...
CVE-2022-38733
OnCommand Insight (NetApp) versions 7.3.1–7.3.14 contain an authentication bypass in the Data Warehouse component. The CVE-2022-38733 entry documents unauthenticated access risk from the management interface, potentially allowing attackers to obtain system data and cause a denial-of-service. Seve...
CVE-2017-1779
IBM Cognos Analytics 11.0.x has a vulnerability where cached credentials are stored locally and could be obtained by a local user. The issue affects IBM Cognos Analytics versions 11.0.0.0 through 11.0.7.0. Root cause: credentials caching without sufficient protection allows local access to cached...
CVE-2021-29716
CVE-2021-29716 affects IBM Cognos Analytics 11.1.7 and 11.2.0, where a low‑privilege user could access areas of the application intended for privileged users due to an access control error. Publicly documented details confirm affected versions and a remediation path: apply fixes in Cognos 11.1.7 ...
CVE-2017-1784
CVE-2017-1784 affects IBM Cognos Analytics 11.0. The issue allows a local user to read results stored in temporary files containing highly sensitive information. The root cause is described in IBM’s bulletin associated with Cognos Analytics 11.0.x, noting this vulnerability alongside others (CVE-...