Vulnerabilities > IBM > Cognos Analytics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2023-43051 | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-08-16 | CVE-2023-35009 | Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. | 5.3 |
| 2023-08-16 | CVE-2023-35011 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | 5.4 |
| 2023-05-12 | CVE-2021-39036 | Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2022-12-19 | CVE-2022-38708 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. | 9.1 |
| 2022-12-19 | CVE-2022-39160 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | 6.1 |
| 2022-12-19 | CVE-2022-43883 | Improper Encoding or Escaping of Output vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. | 7.5 |
| 2022-12-19 | CVE-2022-43887 | Information Exposure Through Log Files vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. | 5.3 |