Vulnerabilities > IBM > Cognos Analytics
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-03 | CVE-2021-29716 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low-level user to access areas of the application that only a privileged user should be allowed to view. | 6.5 |
2021-12-03 | CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client-side vulnerabilities due to a web response specifying an incorrect content type. | 5.3 |
2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-12-03 | CVE-2021-29867 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. | 5.4 |
2021-12-03 | CVE-2021-38909 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. | 5.4 |
2021-10-15 | CVE-2020-4951 | Information Exposure vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data that could allow a local attacker to obtain sensitive information. | 3.3 |
2021-10-15 | CVE-2021-29679 | Code Injection vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. | 8.8 |
2021-10-15 | CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower-level user could have access to the 'New Job' page, to which they should not have access. | 8.8 |
2021-06-30 | CVE-2021-20461 | Exposure of Resource to Wrong Sphere vulnerability in multiple products IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. | 6.5 |
2021-06-01 | CVE-2019-4471 | Missing Encryption of Sensitive Data vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. | 6.5 |