Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:cognos_analytics:11.1.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-4589 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449. Published: August 03, 2020; 9:15:11 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-4366 |
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. Published: August 03, 2020; 9:15:10 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-4729 |
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. Published: April 27, 2020; 10:15:11 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-4623 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924. Published: December 30, 2019; 11:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-4343 |
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. Published: December 30, 2019; 11:15:11 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-4555 |
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204. Published: December 20, 2019; 12:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-4231 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. Published: December 20, 2019; 12:15:12 PM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-4645 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. Published: November 08, 2019; 9:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-4334 |
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. Published: November 08, 2019; 9:15:10 PM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1721 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. Published: November 08, 2019; 9:15:10 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-4342 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. Published: September 17, 2019; 3:15:11 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-4183 |
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. Published: September 17, 2019; 3:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-4139 |
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335. Published: May 29, 2019; 11:29:00 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |