U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:ibm:cognos_analytics:11.1.3:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 32 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-35011

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.

Published: August 16, 2023; 7:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-35009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

Published: August 16, 2023; 7:15:09 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-28530

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.

Published: July 21, 2023; 10:15:47 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25929

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.

Published: July 21, 2023; 10:15:47 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43887

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Published: December 19, 2022; 4:15:10 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

Published: December 19, 2022; 4:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-39160

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.

Published: December 19, 2022; 4:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-38708

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.

Published: December 19, 2022; 4:15:10 PM -0500
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2022-34339

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."

Published: November 03, 2022; 4:15:28 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-36773

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

Published: September 01, 2022; 3:15:12 PM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-30614

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.

Published: September 01, 2022; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-39045

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

Published: September 01, 2022; 3:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-39009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

Published: September 01, 2022; 3:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-29823

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.

Published: September 01, 2022; 3:15:11 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-20468

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

Published: September 01, 2022; 3:15:11 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2020-4301

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

Published: September 01, 2022; 3:15:11 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-39047

IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.

Published: June 24, 2022; 12:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-38945

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

Published: June 24, 2022; 12:15:08 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-29768

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.

Published: June 24, 2022; 12:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-38909

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

Published: December 03, 2021; 12:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW