Ibm

Cognos Analytics

102 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-52900

  • EPSS 0.04%
  • Veröffentlicht 28.06.2025 00:59:23
  • Zuletzt bearbeitet 01.07.2025 18:07:20

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu...

5.3

CVE-2025-0923

  • EPSS 0.04%
  • Veröffentlicht 11.06.2025 17:28:57
  • Zuletzt bearbeitet 17.06.2025 20:33:12

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

4.8

CVE-2025-0917

  • EPSS 0.03%
  • Veröffentlicht 11.06.2025 17:27:49
  • Zuletzt bearbeitet 17.06.2025 20:33:21

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus al...

7.5

CVE-2025-25032

  • EPSS 0.03%
  • Veröffentlicht 11.06.2025 17:26:35
  • Zuletzt bearbeitet 17.06.2025 20:33:07

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

6.5

CVE-2024-56340

  • EPSS 0.94%
  • Veröffentlicht 28.02.2025 03:15:10
  • Zuletzt bearbeitet 02.07.2025 15:59:10

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

6.5

CVE-2025-0823

  • EPSS 0.08%
  • Veröffentlicht 28.02.2025 03:15:10
  • Zuletzt bearbeitet 02.07.2025 15:59:20

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitra...

7.1

CVE-2024-49352

  • EPSS 0.49%
  • Veröffentlicht 05.02.2025 11:15:14
  • Zuletzt bearbeitet 02.07.2025 15:59:03

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp...

5.9

CVE-2023-38009

  • EPSS 0.02%
  • Veröffentlicht 26.01.2025 16:15:30
  • Zuletzt bearbeitet 18.08.2025 17:57:33

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

8

CVE-2024-40695

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 20.12.2024 14:15:24
  • Zuletzt bearbeitet 02.07.2025 15:53:18

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload mal...

9

CVE-2024-51466

Medienbericht
  • EPSS 0.25%
  • Veröffentlicht 20.12.2024 14:15:24
  • Zuletzt bearbeitet 02.07.2025 15:58:56

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resou...