CVE-2025-3633
- EPSS 0.31%
- Veröffentlicht 27.05.2026 12:17:11
- Zuletzt bearbeitet 02.06.2026 20:05:07
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user ...
CVE-2025-36126
- EPSS 0.19%
- Veröffentlicht 26.05.2026 15:52:49
- Zuletzt bearbeitet 01.06.2026 17:30:40
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript co...
CVE-2025-33150
- EPSS 0.23%
- Veröffentlicht 10.11.2025 19:33:55
- Zuletzt bearbeitet 12.12.2025 15:14:49
IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages.
CVE-2024-52900
- EPSS 0.17%
- Veröffentlicht 28.06.2025 00:59:23
- Zuletzt bearbeitet 01.07.2025 18:07:20
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu...
CVE-2025-0923
- EPSS 0.24%
- Veröffentlicht 11.06.2025 17:28:57
- Zuletzt bearbeitet 17.06.2025 20:33:12
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
CVE-2025-0917
- EPSS 0.18%
- Veröffentlicht 11.06.2025 17:27:49
- Zuletzt bearbeitet 17.06.2025 20:33:21
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus al...
CVE-2025-25032
- EPSS 0.32%
- Veröffentlicht 11.06.2025 17:26:35
- Zuletzt bearbeitet 17.06.2025 20:33:07
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
CVE-2024-56340
- EPSS 0.78%
- Veröffentlicht 28.02.2025 03:15:10
- Zuletzt bearbeitet 17.10.2025 16:15:36
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
CVE-2025-0823
- EPSS 0.55%
- Veröffentlicht 28.02.2025 03:15:10
- Zuletzt bearbeitet 02.07.2025 15:59:20
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitra...
CVE-2024-49352
- EPSS 0.46%
- Veröffentlicht 05.02.2025 11:15:14
- Zuletzt bearbeitet 02.07.2025 15:59:03
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp...