Lucene search
K
NetappOncommand Insight

971 matches found

CVE
CVE
added 2022/04/22 4:30 p.m.90 views

CVE-2021-38946

IBM Cognos Analytics 11.1.7, 11.2.0 (and 11.1.x affected streams) are affected by CVE-2021-38946, a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted session. Concretely, multiple sources note the vul...

5.4CVSS5.6AI score0.00659EPSS
CVE
CVE
added 2021/06/02 11:2 a.m.89 views

CVE-2020-10771

The CVE-2020-10771 entry describes a CSRF vulnerability in Infinispan 10: REST endpoints can be exploited via GET requests to perform actions with side effects. This is documented in the NVD entry and mirrored in Red Hat advisories (RHSA) tying the issue to Infinispan REST GET-action handling. Im...

7.1CVSS6.8AI score0.00445EPSS
CVE
CVE
added 2021/12/09 5:0 p.m.89 views

CVE-2021-29678

CVE-2021-29678 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5. A user with DBADM authority could access other databases and read or modify files, indicating an information disclosure vulnerability. The connected IBM bulletins en...

8.7CVSS8AI score0.01091EPSS
CVE
CVE
added 2022/04/22 4:30 p.m.89 views

CVE-2021-38904

IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by CVE-2021-38904, an information-disclosure flaw that could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. The root cause involves browser-autocomplete behavior rather than code executio...

6.5CVSS6.8AI score0.01728EPSS
CVE
CVE
added 2021/12/09 5:0 p.m.89 views

CVE-2021-38931

CVE-2021-38931 affects IBM Db2 for Linux, UNIX and Windows (11.1 and 11.5) where a connected user can perform indirect reads on a table they are not authorized to access, causing information disclosure. The Connected documents consistently describe this as part of DB2 vulnerabilities across IBM p...

6.5CVSS6.5AI score0.01159EPSS
CVE
CVE
added 2022/06/24 3:35 p.m.88 views

CVE-2021-39047

CVE-2021-39047 affects IBM Planning Analytics 2.0 and IBM Cognos Analytics (11.1.x–11.2.x). The issue is a cross-site scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediat...

6.1CVSS5.9AI score0.0083EPSS
CVE
CVE
added 2021/12/09 5:0 p.m.87 views

CVE-2021-38926

CVE-2021-38926 : IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to modification of columns of existing tasks. The concrete root cause is the ability to modify task columns, leading to privilege...

5.5CVSS6.5AI score0.00323EPSS
CVE
CVE
added 2021/12/09 5:0 p.m.86 views

CVE-2021-39002

CVE-2021-39002 affects IBM DB2 for Linux/UNIX/Windows (incl. DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, 11.5. Description: weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Impact: information disclosure. Affected products appe...

7.5CVSS7.7AI score0.0089EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.85 views

CVE-2019-4342

CVE-2019-4342 affects IBM Cognos Analytics 11.0 and 11.1. The vulnerability is a cross-site scripting flaw in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Exploitation status is not provided in the docume...

5.4CVSS5.6AI score0.00987EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.84 views

CVE-2024-21101

CVE-2024-21101 affects Oracle MySQL Cluster (Cluster: General) across multiple releases: 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior, and 8.3.0 and prior. The vulnerability allows a high-privileged attacker with network access via multiple protocols to obtain unauthorized read access to ...

2.2CVSS4.9AI score0.00401EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.83 views

CVE-2021-35598

CVE-2021-35598 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. The vulnerability allows a highly privileged attacker with access to the hardware’s physical communication segment to take over the MySQL Clus...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.83 views

CVE-2021-35621

CVE-2021-35621 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster releases 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, 8.0.26 and earlier. Root cause: a vulnerability in the Cluster: General component could let a highly privileged attacker, with access to the...

6.3CVSS5.7AI score0.46751EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.82 views

CVE-2024-21262

CVE-2024-21262 (MySQL Connectors, Connector/ODBC) Vulnerability in Oracle MySQL Connectors (Connector/ODBC) affecting 9.0.0 and earlier. Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, potentially causing unauthorized updates/inserts/deletes to...

6.5CVSS5.8AI score0.00547EPSS
CVE
CVE
added 2022/04/22 4:30 p.m.81 views

CVE-2021-38905

CVE-2021-38905 affects IBM Cognos Analytics 11.1.7, 11.2.0 (and related 11.1.x) where an authenticated user could view report pages they should not access due to a access-control vulnerability. Remediate by upgrading to IBM Cognos Analytics 11.2.2 or applying the 11.1.7 FP9/IF9 fixes; IBM notes r...

4.3CVSS5.2AI score0.00889EPSS
CVE
CVE
added 2024/05/02 8:9 p.m.81 views

CVE-2024-25047

IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...

8.6CVSS6.5AI score0.00643EPSS
CVE
CVE
added 2019/05/10 7:24 p.m.80 views

CVE-2019-5496

Oncommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...

7.5CVSS7.1AI score0.00703EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.80 views

CVE-2021-39009

Summary: CVE-2021-39009 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1, where user credentials are stored in plain text and readable by a local privileged user. The IBM bulletin confirms remediation: upgrade to IBM Cognos Analytics 11.2.3 or apply FP5 for 11.1.x to address this issue. Th...

5.5CVSS5AI score0.00169EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.77 views

CVE-2020-14853

CVE-2020-14853 (MySQL Cluster, NDBCluster Plugin) is confirmed in multiple connected sources as a vulnerability affecting Oracle MySQL’s MySQL Cluster with affected versions 8.0.21 and earlier. The flaw can be exploited by a low-privilege, network-accessible attacker via multiple protocols. Succe...

4.9CVSS4.4AI score0.00934EPSS
CVE
CVE
added 2022/06/24 3:35 p.m.77 views

CVE-2021-38945

Summary of CVE-2021-38945 (IBM Cognos Analytics) Affects IBM Cognos Analytics versions 11.2.1, 11.2.0 and 11.1.7 (shipped with IBM Sterling Control Center) where a remote attacker could upload arbitrary files due to improper content validation on uploads. This is the root cause: lack of proper va...

9.8CVSS9AI score0.01593EPSS
CVE
CVE
added 2018/05/07 1:0 p.m.76 views

CVE-2018-1413

CVE-2018-1413 affects IBM Cognos Analytics 11.0, with cross-site scripting via the Web UI that could lead to credentials disclosure in a trusted session. IBM IBM Cognos Bulletins/NTAP references confirm the vulnerability and list 11.0.11.0 as the fixed release. Remediation: upgrade to IBM Cognos ...

5.4CVSS6.2AI score0.01109EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.76 views

CVE-2021-35590

CVE-2021-35590 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. Root cause: input validation error in MySQL Cluster. Impact: high-privilege attacker with access to the hardware communication segment can tak...

6.5CVSS5.6AI score0.88497EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.75 views

CVE-2020-4135

CVE-2020-4135 affects IBM DB2 on Linux/UNIX/Windows (including DB2 Connect Server) across 9.7, 10.1, 10.5, 11.1, 11.5. An unauthenticated attacker could send specially crafted packets to cause denial of service via excessive memory usage. Public materials confirm impact as a network-accessible Do...

7.5CVSS7.2AI score0.02927EPSS
CVE
CVE
added 2021/03/11 3:30 p.m.75 views

CVE-2020-5025

CVE-2020-5025 affects IBM DB2 LUW (Linux/UNIX/Windows) and DB2 Connect Server versions 9.7, 10.1, 10.5, 11.1, and 11.5. The vulnerability is a buffer overflow caused by improper bounds checking in db2fm, enabling a local attacker to execute arbitrary code with root privileges. Public sources in I...

8.4CVSS7.9AI score0.00564EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.74 views

CVE-2021-35613

CVE-2021-35613 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster 8.0.26 and earlier. An unauthenticated attacker with network access via multiple protocols can compromise MySQL Cluster, resulting in a partial denial of service. The initial description provides CVSS details ...

4.3CVSS3.7AI score0.01497EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.73 views

CVE-2021-20468

CVE-2021-20468 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 and is a cross-site request forgery (CSRF) vulnerability. The issue could allow an attacker to perform malicious, unauthorized actions transmitted from a trusted user’s session. IBM X-Force ID: 196825. According to IBM’s secur...

6.5CVSS6.4AI score0.00326EPSS
CVE
CVE
added 2022/06/24 3:35 p.m.73 views

CVE-2021-29768

CVE-2021-29768 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1, allowing a low-privilege user to obtain sensitive information from the details of the Cloud Storage page due to faulty access controls. Remediation per connected IBM/NCSC sources: upgrade to Cognos Analytics 11.2.2 or apply 1...

6.5CVSS6.1AI score0.00909EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.73 views

CVE-2021-29823

IBM Cognos Analytics (versions 11.1.0–11.1.7 FP4 and 11.2.0–11.2.2) is affected by CSRF (CVE-2021-29823). The root cause is cross-site requests that could perform malicious, unauthorised actions on behalf of trusted users. Remediation: upgrade to 11.2.3 or apply the documented fixes (11.1.7 FP5)....

6.5CVSS6.4AI score0.00362EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.73 views

CVE-2021-35584

CVE-2021-35584 affects Oracle MySQL Cluster (Cluster: ndbcluster/plugin DDL). Affected: MySQL Cluster 8.0.26 and prior. The vulnerability is described as easily exploitable with network access from multiple protocols by a low-privilege attacker, potentially causing partial denial of service to My...

4.3CVSS3.9AI score0.00978EPSS
CVE
CVE
added 2019/12/20 4:25 p.m.72 views

CVE-2019-4231

CVE-2019-4231 affects IBM Cognos Analytics 11.0 and 11.1. The issue is a Cross-Site Request Forgery (CSRF) that could enable an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The description provided indicates the vulnerability arises from a web application that ...

4.3CVSS5.6AI score0.00721EPSS
CVE
CVE
added 2018/11/09 12:0 a.m.71 views

CVE-2018-1842

The CVE-2018-1842 issue affects IBM Cognos Analytics 11 Configuration tool. The root cause is a bypass of OIDC namespace signature verification on the id_token under certain conditions. This leads to a potential security impact where token validation may be weakened, allowing an attacker to explo...

3.6CVSS5.1AI score0.00263EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.71 views

CVE-2019-4653

CVE-2019-4653 affects IBM Cognos Analytics 11.0 and 11.1. A cross-site scripting (XSS) vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The entry is supported by the NVD description and related referenc...

5.4CVSS5.7AI score0.00761EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.71 views

CVE-2021-2411

CVE-2021-2411 affects Oracle MySQL Cluster (Cluster: JS module) with affected versions 8.0.25 and earlier. The vulnerability is exploitable by an unauthenticated attacker over network via multiple protocols, leading to partial denial of service of MySQL Cluster. The connected sources confirm the ...

4.3CVSS3.9AI score0.01659EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.71 views

CVE-2021-35592

CVE-2021-35592 concerns Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster versions 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. Root cause: vulnerability in the Cluster: General component that enables a high privileged attacker with access to the hardware’s physical co...

6.3CVSS5.6AI score0.5139EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.69 views

CVE-2021-35593

CVE-2021-35593 corresponds to a vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. The issue is described as difficult to exploit, requiring high-privilege access in the physical network segme...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.69 views

CVE-2021-35594

CVE-2021-35594 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, and 8.0.26 and earlier. Root cause per description: a vulnerability that is difficult to exploit, exploitable by a highly privileged attacker with access ...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.69 views

CVE-2021-35618

CVE-2021-35618 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.26 and earlier. The vulnerability in the Cluster General component can permit a highly privileged attacker with physical access to the hardware communication segment to cause partial DoS on MySQL Cluster; ex...

1.8CVSS2AI score0.00655EPSS
CVE
CVE
added 2021/03/11 3:30 p.m.67 views

CVE-2020-5024

Summary of CVE-2020-5024 details from provided documents : IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. This is a remote/...

7.5CVSS7.1AI score0.02019EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.66 views

CVE-2021-29867

The CVE-2021-29867 vulnerability affects IBM Cognos Analytics 11.1.7 and 11.2.0, where an authenticated user could view or edit a Jupyter notebook they should not access. Root cause details aren’t explicitly stated in the provided documents, but the NVD entry lists a CVSS v3.1 base score of 5.4 (...

5.5CVSS5.5AI score0.00764EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.66 views

CVE-2022-36773

The CVE-2022-36773 entry concerns IBM Cognos Analytics versions 11.1.7, 11.2.0, and 11.2.1 that are vulnerable to an XML External Entity (XXE) injection when processing XML data. The root cause is an XXE flaw in XML data handling, which could allow a remote attacker to read sensitive information ...

8.1CVSS7.9AI score0.01489EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.65 views

CVE-2021-39045

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-39045 due to the autocomplete feature on password input fields, which could allow a local attacker to obtain information. The issue is rooted in how password fields handle autocomplete, enabling potential exposure of credent...

6.2CVSS5.2AI score0.00203EPSS
CVE
CVE
added 2020/04/27 1:25 p.m.64 views

CVE-2019-4729

IBM Cognos Analytics versions 11.0 and 11.1 are affected by a vulnerability that allows a remote attacker to obtain sensitive information through detailed error messages returned in the browser, enabling information disclosure. Root cause: leakage via verbose technical error messages. Affected pr...

4.3CVSS4.4AI score0.01576EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.64 views

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 are affected by a cross-site scripting vulnerability stemming from insufficient validation of client data, enabling embedding of arbitrary JavaScript in the Web UI and potentially exposing credentials within a trusted session. Connected sources describe the issu...

5.4CVSS5.6AI score0.0096EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.64 views

CVE-2022-30614

Affected software: IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1. Vulnerability: Denial of Service via email flooding by sending a specially-crafted request, causing server CPU exhaustion. Root cause / component: DoS condition triggered through email handling (as described in the CVE entry and IBM ...

7.5CVSS7.3AI score0.01372EPSS
CVE
CVE
added 2025/01/21 8:52 p.m.64 views

CVE-2025-21492

CVE-2025-21492 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.36 and prior, and 8.4.0. Description: vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent, repeatable crash (complete DoS) of MySQL Serv...

4.9CVSS4.4AI score0.00916EPSS
CVE
CVE
added 2021/06/30 1:25 p.m.63 views

CVE-2021-20461

CVE-2021-20461 affects IBM Cognos Analytics 10.0 and 11.1, where a weakness in the System Appearance configuration may allow an attacker to bypass business logic and alter the application's appearance/behavior. Connected sources confirm the root cause (System Appearance implementation issue) and ...

6.5CVSS6.8AI score0.00951EPSS
CVE
CVE
added 2022/12/20 12:0 a.m.63 views

CVE-2022-38733

OnCommand Insight (NetApp) versions 7.3.1–7.3.14 contain an authentication bypass in the Data Warehouse component. The CVE-2022-38733 entry documents unauthenticated access risk from the management interface, potentially allowing attackers to obtain system data and cause a denial-of-service. Seve...

8.6CVSS8.6AI score0.00529EPSS
CVE
CVE
added 2018/01/29 4:0 p.m.62 views

CVE-2017-1779

IBM Cognos Analytics 11.0.x has a vulnerability where cached credentials are stored locally and could be obtained by a local user. The issue affects IBM Cognos Analytics versions 11.0.0.0 through 11.0.7.0. Root cause: credentials caching without sufficient protection allows local access to cached...

7.8CVSS7.2AI score0.00418EPSS
CVE
CVE
added 2022/09/01 7:0 p.m.62 views

CVE-2020-4301

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2020-4301). The IBM bulletin confirms CSRF as the underlying issue and notes that fixes have been applied in later releases: 11.2.3 for the 11.2 line and FP5 for 11.1.7. Affected...

6.5CVSS6.4AI score0.00326EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.60 views

CVE-2021-29716

CVE-2021-29716 affects IBM Cognos Analytics 11.1.7 and 11.2.0, where a low‑privilege user could access areas of the application intended for privileged users due to an access control error. Publicly documented details confirm affected versions and a remediation path: apply fixes in Cognos 11.1.7 ...

6.5CVSS6.3AI score0.00933EPSS
CVE
CVE
added 2018/01/29 4:0 p.m.59 views

CVE-2017-1784

CVE-2017-1784 affects IBM Cognos Analytics 11.0. The issue allows a local user to read results stored in temporary files containing highly sensitive information. The root cause is described in IBM’s bulletin associated with Cognos Analytics 11.0.x, noting this vulnerability alongside others (CVE-...

5.5CVSS5.4AI score0.0039EPSS
Total number of security vulnerabilities971