Vulnerabilities > IBM > Cognos Analytics > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-18 | CVE-2024-25042 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2024-12-18 | CVE-2024-41752 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. | 6.1 |
| 2024-12-18 | CVE-2024-45082 | Open Redirect vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.2 |
| 2024-09-22 | CVE-2024-40703 | Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. | 5.5 |
| 2024-06-28 | CVE-2024-25041 | Unspecified vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). | 5.4 |
| 2024-06-28 | CVE-2024-25053 | Unspecified vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. | 5.9 |
| 2024-02-26 | CVE-2022-34357 | IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. | 6.5 |
| 2024-02-26 | CVE-2023-30996 | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. | 5.3 |
| 2024-02-26 | CVE-2023-32344 | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. | 4.3 |
| 2024-02-26 | CVE-2023-38359 | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. | 6.1 |