Vulnerabilities > IBM > Cognos Analytics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-4231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-11-09 | CVE-2019-4645 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 6.1 |
| 2019-11-09 | CVE-2019-4334 | Unspecified vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. | 4.3 |
| 2019-11-09 | CVE-2018-1721 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.8 |
| 2019-09-17 | CVE-2019-4342 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-17 | CVE-2019-4183 | Resource Exhaustion vulnerability in multiple products IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. | 7.5 |
| 2019-05-29 | CVE-2019-4139 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1 IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-04-15 | CVE-2019-4178 | Path Traversal vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. | 9.1 |
| 2018-11-09 | CVE-2018-1842 | Improper Verification of Cryptographic Signature vulnerability in multiple products IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. | 3.6 |
| 2018-05-07 | CVE-2018-1413 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 5.4 |