Ibm

Cognos Business Intelligence

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2018-1934

  • EPSS 0.13%
  • Veröffentlicht 20.12.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:00:37

IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179.

7

CVE-2017-1764

  • EPSS 0.04%
  • Veröffentlicht 23.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:19

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.

6.1

CVE-2017-1486

  • EPSS 0.18%
  • Veröffentlicht 23.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:21:57

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...

6.8

CVE-2016-0254

  • EPSS 0.49%
  • Veröffentlicht 07.06.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all avai...

5.4

CVE-2016-3038

  • EPSS 0.23%
  • Veröffentlicht 17.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.7

CVE-2016-3037

  • EPSS 0.27%
  • Veröffentlicht 17.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.

7.5

CVE-2016-3036

  • EPSS 1.18%
  • Veröffentlicht 17.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.

8.8

CVE-2016-8960

  • EPSS 0.53%
  • Veröffentlicht 27.03.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subs...

5.5

CVE-2016-9985

  • EPSS 0.05%
  • Veröffentlicht 08.03.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

5.4

CVE-2016-0218

  • EPSS 0.16%
  • Veröffentlicht 01.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute scrip...