Vulnerabilities > IBM > Cognos Analytics > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-22 CVE-2023-25929 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-07-22 CVE-2023-28530 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations.
network
low complexity
ibm CWE-79
5.4
2023-05-12 CVE-2021-39036 Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm
6.1
2022-12-19 CVE-2022-39160 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-12-19 CVE-2022-43887 Information Exposure Through Log Files vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files.
network
low complexity
ibm CWE-532
5.3
2022-11-03 CVE-2022-34339 Cleartext Storage of Sensitive Information vulnerability in IBM Cognos Analytics
"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-312
6.5
2022-09-01 CVE-2020-4301 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-20468 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-29823 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
6.5
2022-09-01 CVE-2021-39009 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm netapp CWE-312
5.5