Vulnerabilities > IBM > Cognos Analytics > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-4231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-11-09 | CVE-2019-4645 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 6.1 |
| 2019-11-09 | CVE-2019-4334 | Unspecified vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. | 4.3 |
| 2019-09-17 | CVE-2019-4342 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-05-29 | CVE-2019-4139 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1 IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. | 5.4 |
| 2018-05-07 | CVE-2018-1413 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-22 | CVE-2016-9711 | Information Exposure vulnerability in IBM Cognos Analytics 11.0.0 IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. | 5.3 |
| 2018-01-29 | CVE-2017-1784 | Information Exposure vulnerability in multiple products IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. | 5.5 |
| 2018-01-29 | CVE-2017-1783 | Improper Authentication vulnerability in multiple products IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. | 4.0 |
| 2017-08-29 | CVE-2017-1535 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 5.4 |