Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
NetappOncommand Insight

968 matches found

CVE
CVEadded 2018/07/31 4:29 p.m.42 views

CVE-2017-13652

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.

6.5CVSS6.3AI score0.00255EPSS
CVE
CVEadded 2021/10/15 4:15 p.m.42 views

CVE-2020-4951

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

4CVSS3.9AI score0.00068EPSS
CVE
CVEadded 2018/01/29 4:29 p.m.41 views

CVE-2017-1783

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

4CVSS4.7AI score0.00086EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.41 views

CVE-2020-4561

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

10CVSS8.8AI score0.00874EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.41 views

CVE-2021-38909

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

5.4CVSS5.3AI score0.0031EPSS
CVE
CVEadded 2017/02/02 3:59 p.m.40 views

CVE-2017-5600

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.

9.8CVSS9.1AI score0.00816EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.39 views

CVE-2020-4300

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.

8.2CVSS8.6AI score0.00185EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.39 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

8.8CVSS8.6AI score0.0103EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.39 views

CVE-2021-20493

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.

6.1CVSS5.9AI score0.00325EPSS
CVE
CVEadded 2021/10/15 4:15 p.m.39 views

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

8.8CVSS8.4AI score0.00721EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.39 views

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091

5.3CVSS5.4AI score0.00202EPSS
CVE
CVEadded 2021/10/15 4:15 p.m.38 views

CVE-2021-29745

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

8.8CVSS8.4AI score0.0024EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.37 views

CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.

6.5CVSS6.7AI score0.00116EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.37 views

CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

4.3CVSS5.1AI score0.00162EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.37 views

CVE-2021-29756

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.

8.8CVSS8.8AI score0.00155EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.36 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.5CVSS7.6AI score0.00355EPSS
CVE
CVEadded 2021/12/03 5:15 p.m.36 views

CVE-2021-20470

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

7.5CVSS7.4AI score0.00256EPSS
CVE
CVEadded 2021/06/01 2:15 p.m.34 views

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5CVSS6.6AI score0.00355EPSS
Total number of security vulnerabilities968