CVE-2021-20468
- EPSS 0.33%
- Veröffentlicht 01.09.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:46:37
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
CVE-2021-29823
- EPSS 0.36%
- Veröffentlicht 01.09.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:01:52
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
CVE-2021-29768
- EPSS 0.91%
- Veröffentlicht 24.06.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:01:46
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVE-2021-38945
- EPSS 1.59%
- Veröffentlicht 24.06.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:18:15
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-39047
- EPSS 0.83%
- Veröffentlicht 24.06.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:18:29
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2021-20464
- EPSS 1.34%
- Veröffentlicht 22.04.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 05:46:37
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVE-2021-29824
- EPSS 0.84%
- Veröffentlicht 22.04.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:01:52
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
CVE-2021-38886
- EPSS 0.54%
- Veröffentlicht 22.04.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:18:09
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVE-2021-38903
- EPSS 0.93%
- Veröffentlicht 22.04.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be ...
CVE-2021-38904
- EPSS 1.73%
- Veröffentlicht 22.04.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.