Vulnerabilities > IBM > Cognos Analytics > 11.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-03 | CVE-2021-20493 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. | 4.3 |
2021-12-03 | CVE-2021-29716 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. | 4.0 |
2021-12-03 | CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. | 5.3 |
2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2021-12-03 | CVE-2021-29867 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. | 5.5 |
2021-12-03 | CVE-2021-38909 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. | 3.5 |
2021-06-30 | CVE-2021-20461 | Exposure of Resource to Wrong Sphere vulnerability in multiple products IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. | 4.0 |
2020-10-12 | CVE-2020-4388 | Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. | 6.4 |
2020-10-12 | CVE-2020-4302 | Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 9.3 |