Vulnerabilities > IBM > Cognos Analytics > 11.1.4

DATE CVE VULNERABILITY TITLE RISK
2024-02-26 CVE-2022-34357 IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting.
network
low complexity
netapp ibm
6.5
6.5
2024-02-26 CVE-2023-30996 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins.
network
low complexity
netapp ibm
5.3
5.3
2024-02-26 CVE-2023-32344 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path.
network
low complexity
netapp ibm
4.3
4.3
2024-02-26 CVE-2023-38359 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
6.1
6.1
2024-02-26 CVE-2023-43051 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
5.4
5.4
2023-08-16 CVE-2023-35009 Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks.
network
low complexity
ibm CWE-209
5.3
5.3
2023-08-16 CVE-2023-35011 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
5.4
2023-07-22 CVE-2023-25929 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-07-22 CVE-2023-28530 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations.
network
low complexity
ibm CWE-79
5.4
5.4
2022-12-19 CVE-2022-38708 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data.
network
low complexity
ibm CWE-918
critical
 9.1
9.1