CVE-2021-38945
- EPSS 0.23%
- Published 24.06.2022 16:15:08
- Last modified 21.11.2024 06:18:15
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-39047
- EPSS 0.22%
- Published 24.06.2022 16:15:08
- Last modified 21.11.2024 06:18:29
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2021-20464
- EPSS 0.33%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 05:46:37
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVE-2021-29824
- EPSS 0.22%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:01:52
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
CVE-2021-38886
- EPSS 0.18%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:18:09
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVE-2021-38903
- EPSS 0.15%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be ...
CVE-2021-38904
- EPSS 0.27%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
CVE-2021-38905
- EPSS 0.17%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
CVE-2021-38946
- EPSS 0.69%
- Published 22.04.2022 17:15:07
- Last modified 21.11.2024 06:18:16
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...
CVE-2021-38909
- EPSS 0.31%
- Published 03.12.2021 17:15:12
- Last modified 21.11.2024 06:18:11
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...