Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Cognos Analytics
Total 63 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38945 1 Ibm 1 Cognos Analytics 2022-07-29 7.5 HIGH 9.8 CRITICAL
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-39047 1 Ibm 2 Cognos Analytics, Planning Analytics 2022-07-29 4.3 MEDIUM 6.1 MEDIUM
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVE-2021-29768 1 Ibm 1 Cognos Analytics 2022-07-29 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVE-2021-29824 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
CVE-2021-29716 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
CVE-2021-29745 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 6.5 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.
CVE-2021-29867 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 5.5 MEDIUM 5.4 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
CVE-2020-4520 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
CVE-2021-20461 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.
CVE-2021-20464 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVE-2021-38886 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVE-2021-38903 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
CVE-2021-38905 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
CVE-2021-38904 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 4.3 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
CVE-2021-38946 1 Ibm 1 Cognos Analytics 2022-06-02 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
CVE-2019-4729 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-04-26 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.
CVE-2021-29719 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 5.0 MEDIUM 5.3 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091
CVE-2021-20470 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
CVE-2021-29756 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
CVE-2021-20493 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 4.3 MEDIUM 6.1 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.