Vulnerabilities > IBM > Cognos Analytics > 11.0.11

DATE CVE VULNERABILITY TITLE RISK
2021-06-30 CVE-2021-20461 Exposure of Resource to Wrong Sphere vulnerability in multiple products
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting.
network
low complexity
ibm netapp CWE-668
6.5
2020-10-12 CVE-2020-4388 Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks.
network
low complexity
ibm CWE-755
8.2
2020-10-12 CVE-2020-4302 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
local
low complexity
ibm CWE-1236
7.8
2020-04-27 CVE-2019-4729 Information Exposure Through an Error Message vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm netapp CWE-209
4.3
2019-12-20 CVE-2019-4555 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-12-20 CVE-2019-4231 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
4.3
2019-04-15 CVE-2019-4178 Path Traversal vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
critical
9.1
2018-11-09 CVE-2018-1842 Improper Verification of Cryptographic Signature vulnerability in multiple products
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token.
local
high complexity
ibm netapp CWE-347
3.6