Netapp

Oncommand Insight

969 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-4723

  • EPSS 0.36%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 04:44:03

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.

7.5

CVE-2019-4724

  • EPSS 0.36%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 04:44:03

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

7.1

CVE-2019-4730

  • EPSS 0.59%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 04:44:04

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID...

8.2

CVE-2020-4300

  • EPSS 0.19%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:32:32

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID...

5.4

CVE-2020-4354

  • EPSS 0.18%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:32:38

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

8.8

CVE-2020-4520

  • EPSS 1.03%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:32:50

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.

10

CVE-2020-4561

  • EPSS 0.87%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:32:54

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID:...

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

5.4

CVE-2021-29489

  • EPSS 0.23%
  • Veröffentlicht 05.05.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:14

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute...

4

CVE-2021-2298

  • EPSS 1.08%
  • Veröffentlicht 22.04.2021 22:15:17
  • Zuletzt bearbeitet 21.11.2024 06:02:50

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot...