Vulnerabilities > IBM > Cognos Analytics

DATE CVE VULNERABILITY TITLE RISK
2020-08-03 CVE-2019-4366 Unspecified vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data.
network
low complexity
ibm
5.3
2020-04-27 CVE-2019-4729 Information Exposure Through an Error Message vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm netapp CWE-209
4.3
2019-12-30 CVE-2019-4623 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-12-30 CVE-2019-4343 Incorrect Authorization vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information.
network
low complexity
ibm netapp CWE-863
6.5
2019-12-20 CVE-2019-4555 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-12-20 CVE-2019-4231 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
4.3
2019-11-09 CVE-2019-4645 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2019-11-09 CVE-2019-4334 Unspecified vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system.
network
low complexity
ibm
4.3
2019-11-09 CVE-2018-1721 XML Injection (aka Blind XPath Injection) vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-91
8.8
2019-09-17 CVE-2019-4342 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4