VYPR

Cognos Analytics

by IBM

CVEs (114)

  • CVE-2019-4555MedDec 20, 2019
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2019-4342MedSep 17, 2019
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2019-4139MedMay 29, 2019
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2018-1413MedMay 7, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-9711MedMar 22, 2018
    risk 0.35cvss 5.3epss 0.02

    IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

  • CVE-2017-1535MedAug 29, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2017-1485MedAug 29, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-3032MedMay 10, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-3031MedApr 5, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-3015MedApr 5, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-0218MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser…

  • CVE-2016-0217MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in…

  • CVE-2022-43887MedDec 19, 2022
    risk 0.34cvss 5.3epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

  • CVE-2023-25929MedJul 22, 2023
    risk 0.30cvss 4.6epss 0.00

    IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2021-38905MedApr 22, 2022
    risk 0.28cvss 4.3epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

  • CVE-2021-29824MedApr 22, 2022
    risk 0.28cvss 4.3epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.

  • CVE-2019-4722MedJun 1, 2021
    risk 0.28cvss 4.3epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

  • CVE-2019-4589MedAug 3, 2020
    risk 0.28cvss 4.3epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

  • CVE-2019-4729MedApr 27, 2020
    risk 0.28cvss 4.3epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

  • CVE-2019-4231MedDec 20, 2019
    risk 0.28cvss 4.3epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

Page 4 of 6