971 matches found
CVE-2020-4976
CVE-2020-4976 affects IBM Db2 LUW (Linux/UNIX/Windows) including DB2 Connect Server, with versions 9.7, 10.1, 10.5, 11.1, and 11.5 at risk from a local attacker who can read and write specific files due to weak file permissions. The connected IBM security bulletins locate the fixed releases and r...
CVE-2019-4730
CVE-2019-4730 affects IBM Cognos Analytics 11.0 and 11.1, where XML data processing is vulnerable to XML External Entity (XXE) injection. The root cause, as described in connected sources, is an XXE flaw that could allow a remote attacker to view sensitive information or exhaust memory resources....
CVE-2019-4724
CVE-2019-4724 affects IBM Cognos Analytics 11.0 and 11.1. The issue allows a remote attacker to obtain credentials from a user’s browser due to incorrect autocomplete settings on the New Content Backup page (authorization-related vulnerability). Public sources corroborate credential exposure risk...
CVE-2021-38909
CVE-2021-38909 affects IBM Cognos Analytics 11.1.7 and 11.2.0, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Connected sources confirm affected versions (11.1.x and ...
CVE-2020-4300
IBM Cognos Analytics is affected by CVE-2020-4300 due to an XML External Entity (XXE) processing flaw in 11.0 and 11.1. A remote attacker could exploit XML data to disclose sensitive information or exhaust memory. The vulnerability is within the product’s XML handling, and affected versions are I...
CVE-2017-13652
NetApp OnCommand Insight (affected: version 7.3.0 and versions prior to 7.2.0) is susceptible to clickjacking in its UI, which could cause a user to perform an unintended action. The description does not specify the underlying root cause or exact impact beyond this UI interaction risk, and no rem...
CVE-2019-4343
IBM Cognos Analytics (versions 11.0 and 11.1) is affected by CVE-2019-4343 due to overly permissive cross-origin resource sharing, enabling an attacker to access restricted content and transfer private information. The root cause is misconfigured CORS handling in the Cognos web interface, leading...
CVE-2020-4520
IBM Cognos Analytics (11.0 and 11.1) is affected by CVE-2020-4520, a code-injection vulnerability that could allow a remote attacker to inject HTML and have it execute when viewed by an authenticated user. The root cause is an injection issue in Cognos Analytics, enabling cross-site code executio...
CVE-2020-4561
CVE-2020-4561 affects IBM Cognos Analytics 11.0 and 11.1, specifically the DQM API, which allows submitting of all control requests in unauthenticated sessions. This can let a remote attacker with access to a valid CA endpoint read and write files on the Cognos Analytics system. The issue is docu...
CVE-2020-4951
CVE-2020-4951 affects IBM Cognos Analytics 11.1.7 and 11.2.0, where locally cached browser data could allow a local attacker to obtain sensitive information. The issue is an information-disclosure vulnerability; no exploit details are provided in the documents. Remediation recommended: upgrade to...
CVE-2017-1783
IBM Cognos Analytics 11.0.x is affected by CVE-2017-1783: a local user could modify parameters via the Cognos Analytics menus without authentication. The advisory (IBM D6B9…) assigns CVSS v3.0 vector CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N with base score 4.0. Affected versions are 11.0.0.0 ...
CVE-2017-5600
CVE-2017-5600 affects the Data Warehouse component of NetApp OnCommand Insight prior to 7.2.3. A remote attacker can obtain administrative access by exploiting a default privileged account, potentially compromising the Data Warehouse management. Remediation: upgrade to NetApp OnCommand Insight 7....
CVE-2021-29719
CVE-2021-29719 affects IBM Cognos Analytics 11.1.7 and 11.2.0, stemming from a web response that specifies an incorrect content type. This could enable client‑side exploits. IBM’s advisories note official fixes in IBM Cognos Analytics 11.2.1 and 11.1.7 Fix Pack 4 (FP4); upgrade to 11.2.1 or apply...
CVE-2019-4722
Summary of CVE-2019-4722 (IBM Cognos Analytics): IBM Cognos Analytics 11.0 and 11.1 contain an information-disclosure vulnerability that allows a remote attacker to obtain sensitive information via a stack trace, caused by mishandling certain error conditions. Public sources in the connected data...
CVE-2019-4723
CVE-2019-4723 affects IBM Cognos Analytics 11.0 and 11.1, where a remote attacker could obtain credentials from a user's browser due to incorrect autocomplete settings in the New Data Server Connection page. Root cause/impact are described in IBM/IBM X-Force references; cloud versions are address...
CVE-2021-20493
CVE-2021-20493 affects IBM Cognos Analytics 11.1.7 and 11.2.0. A cross-site scripting vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Mitigation provided by vendors: upgrade to IBM Cognos Analytics 11.2...
CVE-2021-29745
IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by CVE-2021-29745, a privilege-escalation vulnerability that could let a lower-privilege user access the restricted New Job page. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low complexity, and privileges required: LOW; imp...
CVE-2021-29756
CVE-2021-29756 affects IBM Cognos Analytics 11.1.7 and 11.2.0. Description: a cross-site request forgery (CSRF) in the My Inbox page could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. Root cause is a CSRF vulnerability in the affected web UI flow. Impa...
CVE-2021-29679
IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by a remote code execution vulnerability caused by improper neutralization of user input that could be interpreted as server-side include (SSI) directives when an authenticated user provides input. The issue enables code execution with high impa...
CVE-2021-20470
CVE-2021-20470 affects IBM Cognos Analytics 11.1.x and 11.2.0, where defaults do not require strong passwords, enabling easier account compromise. The IBM X-Force entry notes weak-default-password exposure; IBM later issued fixes in Cognos Analytics 11.2.1 and 11.1.7 FP4. Affected products/versio...
CVE-2019-4471
CVE-2019-4471 affects IBM Cognos Analytics 11.0 and 11.1, where a sensitive cookie in HTTPS sessions may be missing the Secure flag, enabling an information disclosure by a remote attacker. The root cause is the failure to set the secure flag on a cookie containing sensitive data. Impact per sour...