VYPR

Cognos Analytics

by IBM

CVEs (114)

  • CVE-2025-36126 | Med | May 26, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 are vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus…

  • CVE-2022-43883 | Med | Dec 19, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

  • CVE-2022-38708 | Med | Dec 19, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system.…

  • CVE-2022-34339 | Med | Nov 3, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.

  • CVE-2021-29823 | Med | Sep 1, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.

  • CVE-2021-20468 | Med | Sep 1, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

  • CVE-2020-4301 | Med | Sep 1, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

  • CVE-2021-29768 | Med | Jun 24, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.

  • CVE-2021-38904 | Med | Apr 22, 2022
    risk 0.42 | cvss 6.5 | epss 0.02

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.

  • CVE-2021-20464 | Med | Apr 22, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

  • CVE-2021-39080 | Med | Feb 14, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM…

  • CVE-2021-29716 | Med | Dec 3, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.

  • CVE-2021-20461 | Med | Jun 30, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

  • CVE-2019-4471 | Med | Jun 1, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM…

  • CVE-2019-4343 | Med | Dec 30, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

  • CVE-2019-4178 | Med | Apr 15, 2019
    risk 0.42 | cvss 6.4 | epss 0.03

    IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.

  • CVE-2021-39036 | Med | May 12, 2023
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-39160 | Med | Dec 19, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2021-39047 | Med | Jun 24, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2021-20493 | Med | Dec 3, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
