Vulnerabilities > IBM > Cognos Analytics > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-22 CVE-2024-40703 Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key.
local
low complexity
ibm CWE-522
5.5
2024-06-28 CVE-2024-25041 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS).
network
low complexity
ibm CWE-79
5.4
2024-06-28 CVE-2024-25053 Improper Certificate Validation vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection.
network
high complexity
ibm CWE-295
5.9
2023-08-16 CVE-2023-35009 Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks.
network
low complexity
ibm CWE-209
5.3
2023-08-16 CVE-2023-35011 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2023-07-22 CVE-2023-25929 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-07-22 CVE-2023-28530 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations.
network
low complexity
ibm CWE-79
5.4
2023-05-12 CVE-2021-39036 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-12-19 CVE-2022-39160 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-12-19 CVE-2022-43887 Information Exposure Through Log Files vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files.
network
low complexity
ibm CWE-532
5.3