Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cognos_analytics
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 96 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-17 | CVE-2019-4342 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2019-12-30 | CVE-2019-4343 | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2019-12-20 | CVE-2019-4231 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2020-04-27 | CVE-2019-4729 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2021-06-01 | CVE-2019-4471 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. | Cognos_analytics, Oncommand_insight | 6.5 | ||
| 2021-06-01 | CVE-2019-4653 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. | Cognos_analytics, Oncommand_insight | 5.4 | ||
| 2021-06-01 | CVE-2019-4722 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. | Cognos_analytics, Oncommand_insight | 4.3 | ||
| 2021-06-01 | CVE-2019-4723 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2021-06-01 | CVE-2019-4724 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. | Cognos_analytics, Oncommand_insight | 7.5 | ||
| 2021-06-01 | CVE-2019-4730 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | Cognos_analytics, Oncommand_insight | 7.1 |