Vulnerabilities > IBM > Cognos Analytics > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2023-43051 | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-08-16 | CVE-2023-35009 | Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. | 5.3 |
| 2023-08-16 | CVE-2023-35011 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | 5.4 |
| 2023-05-12 | CVE-2021-39036 | Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2022-12-19 | CVE-2022-39160 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | 6.1 |
| 2022-12-19 | CVE-2022-43887 | Information Exposure Through Log Files vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. | 5.3 |
| 2022-11-03 | CVE-2022-34339 | Cleartext Storage of Sensitive Information vulnerability in IBM Cognos Analytics "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. | 6.5 |
| 2022-09-01 | CVE-2020-4301 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |