VYPR

Cognos Analytics

by IBM

CVEs (114)

  • CVE-2019-4334 | Med | Nov 9, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

  • CVE-2016-0398 | Med | Jul 2, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.

  • CVE-2017-1783 | Med | Jan 29, 2018
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

  • CVE-2018-1842 | Low | Nov 9, 2018
    risk 0.23 | cvss 3.6 | epss 0.00

    IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

  • CVE-2020-4951 | Low | Oct 15, 2021
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM Cognos Analytics 11.1.7 and 11.2.0 contain locally cached browser data that could allow a local attacker to obtain sensitive information.

  • CVE-2017-1125 | Low | Jun 7, 2017
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340.

  • CVE-2024-56340 | Feb 28, 2025
    risk 0.01 | cvss | epss 0.01

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

  • CVE-2025-36057 | Jul 21, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.

  • CVE-2025-36062 | Jul 21, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.

  • CVE-2025-36106 | Jul 21, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application, which could then be used to access confidential information on the device or network by using the deprecated or misconfigured…

  • CVE-2025-36107 | Jul 21, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.

  • CVE-2024-52900 | Jun 28, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2025-0923 | Jun 11, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

  • CVE-2025-0917 | Jun 11, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended…

  • CVE-2025-25032 | Jun 11, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

  • CVE-2024-55907 | Mar 2, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.

  • CVE-2025-0895 | Mar 2, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages.

  • CVE-2025-0823 | Feb 28, 2025
    risk 0.00 | cvss | epss 0.01

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2024-49352 | Feb 5, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…

  • CVE-2023-38009 | Jan 26, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
