2022-09-01 | CVE-2021-39045 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. | 5.5 |
2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. | 6.5 |
2022-06-24 | CVE-2021-39047 | Cross-site Scripting vulnerability in multiple products IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. | 6.1 |
2022-04-22 | CVE-2021-20464 | XML Entity Expansion vulnerability in multiple products IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. | 6.5 |
2022-04-22 | CVE-2021-29824 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. | 4.3 |
2022-04-22 | CVE-2021-38903 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
2022-04-22 | CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. | 6.5 |
2022-04-22 | CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. | 4.3 |
2022-04-22 | CVE-2021-38946 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. | 5.4 |
2021-12-03 | CVE-2021-20493 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. | 6.1 |