Vulnerabilities > IBM > Cognos Analytics

DATE CVE VULNERABILITY TITLE RISK
2022-04-22 CVE-2021-20464 XML Entity Expansion vulnerability in multiple products
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user.
network
low complexity
ibm netapp CWE-776
4.0
4.0
2022-04-22 CVE-2021-29824 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access.
network
low complexity
ibm netapp
4.0
4.0
2022-04-22 CVE-2021-38886 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm netapp CWE-352
6.8
6.8
2022-04-22 CVE-2021-38903 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
ibm netapp CWE-79
3.5
3.5
2022-04-22 CVE-2021-38904 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings.
network
low complexity
ibm netapp
6.5
6.5
2022-04-22 CVE-2021-38905 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to.
network
low complexity
ibm netapp
4.3
4.3
2022-04-22 CVE-2021-38946 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
5.4
2021-12-03 CVE-2021-20470 Weak Password Requirements vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm netapp CWE-521
5.0
5.0
2021-12-03 CVE-2021-20493 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
ibm netapp CWE-79
4.3
4.3
2021-12-03 CVE-2021-29716 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view.
network
low complexity
ibm netapp
4.0
4.0