Vulnerabilities > IBM > Cognos Analytics > 11.2.4

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-35009 Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks.
network
low complexity
ibm CWE-209
5.3
5.3
2023-08-16 CVE-2023-35011 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
5.4
2023-07-22 CVE-2023-25929 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-07-22 CVE-2023-28530 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations.
network
low complexity
ibm CWE-79
5.4
5.4