VYPR

Cognos Analytics

by IBM

CVEs (114)

  • CVE-2020-4561CriJun 1, 2021
    risk 0.65cvss 10.0epss 0.03

    IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

  • CVE-2021-38945CriJun 24, 2022
    risk 0.64cvss 9.8epss 0.02

    IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

  • CVE-2020-4377CriAug 3, 2020
    risk 0.59cvss 9.1epss 0.02

    IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.

  • CVE-2021-38886HigApr 22, 2022
    risk 0.57cvss 8.8epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

  • CVE-2021-29756HigDec 3, 2021
    risk 0.57cvss 8.8epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.

  • CVE-2021-29745HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

  • CVE-2021-29679HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

  • CVE-2020-4520HigJun 1, 2021
    risk 0.57cvss 8.8epss 0.03

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

  • CVE-2018-1721HigNov 9, 2019
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM…

  • CVE-2020-4300HigJun 1, 2021
    risk 0.54cvss 8.2epss 0.04

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.

  • CVE-2022-36773HigSep 1, 2022
    risk 0.53cvss 8.1epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

  • CVE-2020-4388HigOct 12, 2020
    risk 0.53cvss 8.2epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.

  • CVE-2020-4302HigOct 12, 2020
    risk 0.51cvss 7.8epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the…

  • CVE-2017-1779HigJan 29, 2018
    risk 0.51cvss 7.8epss 0.00

    IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

  • CVE-2022-30614HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID:…

  • CVE-2021-20470HigDec 3, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

  • CVE-2019-4724HigJun 1, 2021
    risk 0.49cvss 7.5epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

  • CVE-2019-4723HigJun 1, 2021
    risk 0.49cvss 7.5epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

  • CVE-2019-4183HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.04

    IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

  • CVE-2019-4730HigJun 1, 2021
    risk 0.46cvss 7.1epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.

Page 1 of 6