Lucene search
K
NetappOncommand Insight

971 matches found

CVE
CVE
added 2021/03/11 3:30 p.m.58 views

CVE-2020-4976

CVE-2020-4976 affects IBM Db2 LUW (Linux/UNIX/Windows) including DB2 Connect Server, with versions 9.7, 10.1, 10.5, 11.1, and 11.5 at risk from a local attacker who can read and write specific files due to weak file permissions. The connected IBM security bulletins locate the fixed releases and r...

5.1CVSS5.4AI score0.00339EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.57 views

CVE-2019-4730

CVE-2019-4730 affects IBM Cognos Analytics 11.0 and 11.1, where XML data processing is vulnerable to XML External Entity (XXE) injection. The root cause, as described in connected sources, is an XXE flaw that could allow a remote attacker to view sensitive information or exhaust memory resources....

7.1CVSS7.5AI score0.0197EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.56 views

CVE-2019-4724

CVE-2019-4724 affects IBM Cognos Analytics 11.0 and 11.1. The issue allows a remote attacker to obtain credentials from a user’s browser due to incorrect autocomplete settings on the New Content Backup page (authorization-related vulnerability). Public sources corroborate credential exposure risk...

7.5CVSS7.6AI score0.02371EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.56 views

CVE-2021-38909

CVE-2021-38909 affects IBM Cognos Analytics 11.1.7 and 11.2.0, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Connected sources confirm affected versions (11.1.x and ...

5.4CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.55 views

CVE-2020-4300

IBM Cognos Analytics is affected by CVE-2020-4300 due to an XML External Entity (XXE) processing flaw in 11.0 and 11.1. A remote attacker could exploit XML data to disclose sensitive information or exhaust memory. The vulnerability is within the product’s XML handling, and affected versions are I...

8.2CVSS8.6AI score0.04036EPSS
CVE
CVE
added 2018/07/31 4:0 p.m.54 views

CVE-2017-13652

NetApp OnCommand Insight (affected: version 7.3.0 and versions prior to 7.2.0) is susceptible to clickjacking in its UI, which could cause a user to perform an unintended action. The description does not specify the underlying root cause or exact impact beyond this UI interaction risk, and no rem...

6.5CVSS6.3AI score0.01038EPSS
CVE
CVE
added 2019/12/30 3:35 p.m.54 views

CVE-2019-4343

IBM Cognos Analytics (versions 11.0 and 11.1) is affected by CVE-2019-4343 due to overly permissive cross-origin resource sharing, enabling an attacker to access restricted content and transfer private information. The root cause is misconfigured CORS handling in the Cognos web interface, leading...

6.5CVSS6.4AI score0.01459EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.54 views

CVE-2020-4520

IBM Cognos Analytics (11.0 and 11.1) is affected by CVE-2020-4520, a code-injection vulnerability that could allow a remote attacker to inject HTML and have it execute when viewed by an authenticated user. The root cause is an injection issue in Cognos Analytics, enabling cross-site code executio...

8.8CVSS8.6AI score0.0273EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.54 views

CVE-2020-4561

CVE-2020-4561 affects IBM Cognos Analytics 11.0 and 11.1, specifically the DQM API, which allows submitting of all control requests in unauthenticated sessions. This can let a remote attacker with access to a valid CA endpoint read and write files on the Cognos Analytics system. The issue is docu...

10CVSS8.8AI score0.02935EPSS
CVE
CVE
added 2021/10/15 3:55 p.m.54 views

CVE-2020-4951

CVE-2020-4951 affects IBM Cognos Analytics 11.1.7 and 11.2.0, where locally cached browser data could allow a local attacker to obtain sensitive information. The issue is an information-disclosure vulnerability; no exploit details are provided in the documents. Remediation recommended: upgrade to...

4CVSS3.9AI score0.00266EPSS
CVE
CVE
added 2018/01/29 4:0 p.m.53 views

CVE-2017-1783

IBM Cognos Analytics 11.0.x is affected by CVE-2017-1783: a local user could modify parameters via the Cognos Analytics menus without authentication. The advisory (IBM D6B9…) assigns CVSS v3.0 vector CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N with base score 4.0. Affected versions are 11.0.0.0 ...

4CVSS4.7AI score0.00471EPSS
CVE
CVE
added 2017/02/02 3:0 p.m.52 views

CVE-2017-5600

CVE-2017-5600 affects the Data Warehouse component of NetApp OnCommand Insight prior to 7.2.3. A remote attacker can obtain administrative access by exploiting a default privileged account, potentially compromising the Data Warehouse management. Remediation: upgrade to NetApp OnCommand Insight 7....

9.8CVSS9.1AI score0.02403EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.52 views

CVE-2021-29719

CVE-2021-29719 affects IBM Cognos Analytics 11.1.7 and 11.2.0, stemming from a web response that specifies an incorrect content type. This could enable client‑side exploits. IBM’s advisories note official fixes in IBM Cognos Analytics 11.2.1 and 11.1.7 Fix Pack 4 (FP4); upgrade to 11.2.1 or apply...

5.3CVSS5.4AI score0.01204EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.51 views

CVE-2019-4722

Summary of CVE-2019-4722 (IBM Cognos Analytics): IBM Cognos Analytics 11.0 and 11.1 contain an information-disclosure vulnerability that allows a remote attacker to obtain sensitive information via a stack trace, caused by mishandling certain error conditions. Public sources in the connected data...

4.3CVSS5.1AI score0.01386EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.51 views

CVE-2019-4723

CVE-2019-4723 affects IBM Cognos Analytics 11.0 and 11.1, where a remote attacker could obtain credentials from a user's browser due to incorrect autocomplete settings in the New Data Server Connection page. Root cause/impact are described in IBM/IBM X-Force references; cloud versions are address...

7.5CVSS6.6AI score0.02371EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.51 views

CVE-2021-20493

CVE-2021-20493 affects IBM Cognos Analytics 11.1.7 and 11.2.0. A cross-site scripting vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Mitigation provided by vendors: upgrade to IBM Cognos Analytics 11.2...

6.1CVSS5.9AI score0.009EPSS
CVE
CVE
added 2021/10/15 3:55 p.m.51 views

CVE-2021-29745

IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by CVE-2021-29745, a privilege-escalation vulnerability that could let a lower-privilege user access the restricted New Job page. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low complexity, and privileges required: LOW; imp...

8.8CVSS8.4AI score0.00972EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.50 views

CVE-2021-29756

CVE-2021-29756 affects IBM Cognos Analytics 11.1.7 and 11.2.0. Description: a cross-site request forgery (CSRF) in the My Inbox page could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. Root cause is a CSRF vulnerability in the affected web UI flow. Impa...

8.8CVSS8.8AI score0.00566EPSS
CVE
CVE
added 2021/10/15 3:55 p.m.49 views

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by a remote code execution vulnerability caused by improper neutralization of user input that could be interpreted as server-side include (SSI) directives when an authenticated user provides input. The issue enables code execution with high impa...

8.8CVSS8.4AI score0.01936EPSS
CVE
CVE
added 2021/12/03 5:0 p.m.48 views

CVE-2021-20470

CVE-2021-20470 affects IBM Cognos Analytics 11.1.x and 11.2.0, where defaults do not require strong passwords, enabling easier account compromise. The IBM X-Force entry notes weak-default-password exposure; IBM later issued fixes in Cognos Analytics 11.2.1 and 11.1.7 FP4. Affected products/versio...

7.5CVSS7.4AI score0.01381EPSS
CVE
CVE
added 2021/05/31 3:10 p.m.47 views

CVE-2019-4471

CVE-2019-4471 affects IBM Cognos Analytics 11.0 and 11.1, where a sensitive cookie in HTTPS sessions may be missing the Secure flag, enabling an information disclosure by a remote attacker. The root cause is the failure to set the secure flag on a cookie containing sensitive data. Impact per sour...

6.5CVSS6.7AI score0.01049EPSS
Total number of security vulnerabilities971