Vulnerabilities > IBM > Cognos Analytics

DATE CVE VULNERABILITY TITLE RISK
2021-06-01 CVE-2019-4724 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
network
low complexity
ibm netapp CWE-522
7.5
2021-06-01 CVE-2019-4730 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
7.1
2021-06-01 CVE-2020-4300 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
8.2
2021-06-01 CVE-2020-4354 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-06-01 CVE-2020-4520 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
network
low complexity
ibm netapp CWE-79
8.8
2021-06-01 CVE-2020-4561 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions.
network
low complexity
ibm netapp CWE-829
critical
10.0
2020-10-12 CVE-2020-4388 Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks.
network
low complexity
ibm CWE-755
8.2
2020-10-12 CVE-2020-4302 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
local
low complexity
ibm CWE-1236
7.8
2020-08-03 CVE-2020-4377 XXE vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2020-08-03 CVE-2019-4589 Improper Privilege Management vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user.
network
low complexity
ibm CWE-269
4.3