Vulnerabilities > IBM > Cognos Analytics > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2021-39045 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.
local
low complexity
ibm netapp CWE-522
5.5
2022-06-24 CVE-2021-29768 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access.
network
low complexity
ibm netapp
6.5
2022-06-24 CVE-2021-39047 Cross-site Scripting vulnerability in multiple products
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2022-04-22 CVE-2021-20464 XML Entity Expansion vulnerability in multiple products
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user.
network
low complexity
ibm netapp CWE-776
6.5
2022-04-22 CVE-2021-29824 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access.
network
low complexity
ibm netapp
4.3
2022-04-22 CVE-2021-38903 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm netapp CWE-79
5.4
2022-04-22 CVE-2021-38904 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings.
network
low complexity
ibm netapp
6.5
2022-04-22 CVE-2021-38905 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to.
network
low complexity
ibm netapp
4.3
2022-04-22 CVE-2021-38946 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-12-03 CVE-2021-20493 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1