Vulnerabilities > IBM > Cognos Analytics > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 5.4 |
2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | 5.4 |
2023-05-12 | CVE-2021-39036 | Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2: IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
2022-12-19 | CVE-2022-39160 | Cross-site Scripting vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | 6.1 |
2022-12-19 | CVE-2022-43887 | Information Exposure Through Log Files vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. | 5.3 |
2022-11-03 | CVE-2022-34339 | Cleartext Storage of Sensitive Information vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. | 6.5 |
2022-09-01 | CVE-2020-4301 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-20468 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-29823 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-39009 | Cleartext Storage of Sensitive Information vulnerability in multiple products: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. | 5.5 |