Vulnerabilities > IBM > Cognos Analytics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-03 | CVE-2020-4377 | XML Entity Expansion vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2020-08-03 | CVE-2019-4589 | Improper Privilege Management vulnerability in IBM Cognos Analytics 11.1.0/11.0.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. | 4.0 |
| 2020-08-03 | CVE-2019-4366 | Information Exposure vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. | 5.0 |
| 2020-04-27 | CVE-2019-4729 | Information Exposure Through an Error Message vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2019-12-30 | CVE-2019-4623 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 3.5 |
| 2019-12-30 | CVE-2019-4343 | Incorrect Authorization vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. | 6.5 |
| 2019-12-20 | CVE-2019-4555 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. | 3.5 |
| 2019-12-20 | CVE-2019-4231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-11-09 | CVE-2019-4645 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 4.3 |
| 2019-11-09 | CVE-2019-4334 | Unspecified vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. | 4.0 |