Vulnerabilities > IBM > Cognos Analytics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-09 | CVE-2018-1721 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.5 |
| 2019-09-17 | CVE-2019-4342 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-17 | CVE-2019-4183 | Resource Exhaustion vulnerability in multiple products IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. | 7.5 |
| 2019-05-29 | CVE-2019-4139 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1 IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. | 3.5 |
| 2019-04-15 | CVE-2019-4178 | Path Traversal vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. | 6.4 |
| 2018-11-09 | CVE-2018-1842 | Improper Verification of Cryptographic Signature vulnerability in multiple products IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. | 3.3 |
| 2018-05-07 | CVE-2018-1413 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-03-22 | CVE-2016-9711 | Information Exposure vulnerability in IBM Cognos Analytics 11.0.0 IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. | 5.0 |
| 2018-01-29 | CVE-2017-1784 | Information Exposure vulnerability in multiple products IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. | 2.1 |
| 2018-01-29 | CVE-2017-1783 | Improper Authentication vulnerability in multiple products IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. | 2.1 |