Oncommand Insight Security Vulnerabilities and Issues — Oncommand Insight CVE List

Lucene search

NetappOncommand Insight

12 matches found

CVE•added 2021/12/10 10:15 a.m.•5653 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS

CVE•added 2021/12/09 5:15 p.m.•77 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

8.7CVSS8AI score0.00097EPSS

CVE•added 2021/12/09 5:15 p.m.•72 views

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

6.5CVSS6.5AI score0.00092EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.

5.5CVSS6.5AI score0.00057EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS7.7AI score0.00053EPSS

CVE•added 2021/12/03 5:15 p.m.•49 views

CVE-2021-29867

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.

5.5CVSS5.5AI score0.00167EPSS

CVE•added 2021/12/03 5:15 p.m.•45 views

CVE-2021-29716

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.

6.5CVSS6.3AI score0.00361EPSS

CVE•added 2021/12/03 5:15 p.m.•41 views

CVE-2021-38909

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

5.4CVSS5.3AI score0.0031EPSS

CVE•added 2021/12/03 5:15 p.m.•39 views

CVE-2021-20493

6.1CVSS5.9AI score0.00325EPSS

CVE•added 2021/12/03 5:15 p.m.•39 views

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091

5.3CVSS5.4AI score0.00202EPSS

CVE•added 2021/12/03 5:15 p.m.•37 views

CVE-2021-29756

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.

8.8CVSS8.8AI score0.00155EPSS

CVE•added 2021/12/03 5:15 p.m.•36 views

CVE-2021-20470

IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

7.5CVSS7.4AI score0.00256EPSS