Vulnerabilities > IBM > Cognos Analytics

DATE CVE VULNERABILITY TITLE RISK
2021-12-03 CVE-2021-20470 Weak Password Requirements vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm netapp CWE-521
7.5
2021-12-03 CVE-2021-20493 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2021-12-03 CVE-2021-29716 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view.
network
low complexity
ibm netapp
6.5
2021-12-03 CVE-2021-29719 IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type.
network
low complexity
ibm netapp
5.3
2021-12-03 CVE-2021-29756 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
8.8
2021-12-03 CVE-2021-29867 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to.
network
low complexity
ibm netapp
5.4
2021-12-03 CVE-2021-38909 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-10-15 CVE-2020-4951 Information Exposure vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
local
low complexity
ibm netapp CWE-200
3.3
2021-10-15 CVE-2021-29679 Code Injection vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive.
network
low complexity
ibm netapp CWE-94
8.8
2021-10-15 CVE-2021-29745 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to.
network
low complexity
ibm netapp
8.8