CVE-2024-52900
- EPSS 0.04%
- Published 28.06.2025 00:59:23
- Last modified 01.07.2025 18:07:20
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu...
CVE-2025-0923
- EPSS 0.04%
- Published 11.06.2025 17:28:57
- Last modified 17.06.2025 20:33:12
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
CVE-2025-0917
- EPSS 0.03%
- Published 11.06.2025 17:27:49
- Last modified 17.06.2025 20:33:21
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus al...
CVE-2025-25032
- EPSS 0.03%
- Published 11.06.2025 17:26:35
- Last modified 17.06.2025 20:33:07
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
CVE-2024-56340
- EPSS 0.94%
- Published 28.02.2025 03:15:10
- Last modified 02.07.2025 15:59:10
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
CVE-2025-0823
- EPSS 0.08%
- Published 28.02.2025 03:15:10
- Last modified 02.07.2025 15:59:20
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitra...
CVE-2024-49352
- EPSS 0.49%
- Published 05.02.2025 11:15:14
- Last modified 02.07.2025 15:59:03
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp...
CVE-2023-38009
- EPSS 0.02%
- Published 26.01.2025 16:15:30
- Last modified 18.08.2025 17:57:33
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man-in-the-middle techniques due to the lack of certificate pinning.
- EPSS 0.11%
- Published 20.12.2024 14:15:24
- Last modified 02.07.2025 15:53:18
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload mal...
- EPSS 0.25%
- Published 20.12.2024 14:15:24
- Last modified 02.07.2025 15:58:56
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resou...