Vulnerabilities > IBM > Cognos Analytics

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-4183 Resource Exhaustion vulnerability in multiple products
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources.
network
low complexity
ibm netapp CWE-400
7.5
2019-05-29 CVE-2019-4139 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-04-15 CVE-2019-4178 Path Traversal vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
critical
9.1
2018-11-09 CVE-2018-1842 Improper Verification of Cryptographic Signature vulnerability in multiple products
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token.
local
high complexity
ibm netapp CWE-347
3.6
2018-05-07 CVE-2018-1413 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2018-03-22 CVE-2016-9711 Information Exposure vulnerability in IBM Cognos Analytics 11.0.0
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system.
network
low complexity
ibm CWE-200
5.3
2018-01-29 CVE-2017-1784 Information Exposure vulnerability in multiple products
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user.
local
low complexity
ibm netapp CWE-200
5.5
2018-01-29 CVE-2017-1783 Improper Authentication vulnerability in multiple products
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication.
local
low complexity
ibm netapp CWE-287
4.0
2018-01-29 CVE-2017-1779 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user.
local
low complexity
ibm netapp CWE-522
7.8
2017-08-29 CVE-2017-1535 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4