Ibm

Cognos Analytics

102 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-4471

  • EPSS 0.12%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:43:38

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain se...

5.4

CVE-2019-4653

  • EPSS 0.3%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:43:55

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

4.3

CVE-2019-4722

  • EPSS 0.16%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:44:03

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.

7.5

CVE-2019-4723

  • EPSS 0.36%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:44:03

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5

CVE-2019-4724

  • EPSS 0.36%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:44:03

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.1

CVE-2019-4730

  • EPSS 0.59%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 04:44:04

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID...

8.2

CVE-2020-4300

  • EPSS 0.19%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 05:32:32

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID...

5.4

CVE-2020-4354

  • EPSS 0.18%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 05:32:38

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

8.8

CVE-2020-4520

  • EPSS 1.03%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 05:32:50

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

10

CVE-2020-4561

  • EPSS 0.87%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 05:32:54

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID:...