Vulnerabilities > IBM > Cognos Business Intelligence

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk score |
|---|---|---|---|---|---|---|---|
| 2019-12-20 | CVE-2018-1934 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Business Intelligence 10.2.2 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm CWE-352 | 8.8 |
| 2018-04-23 | CVE-2017-1764 | Insufficiently Protected Credentials vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. | local | high complexity | ibm CWE-522 | 7.0 |
| 2018-04-23 | CVE-2017-1486 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. | network | low complexity | ibm CWE-79 | 6.1 |
| 2017-06-07 | CVE-2016-0254 | XXE vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | network | low complexity | ibm CWE-611 | 6.5 |
| 2017-04-17 | CVE-2016-3038 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 | IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. | network | low complexity | ibm CWE-79 | 5.4 |
| 2017-04-17 | CVE-2016-3037 | Information Exposure vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 | IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. | network | low complexity | ibm CWE-200 | 5.7 |
| 2017-04-17 | CVE-2016-3036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 | IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. | network | low complexity | ibm CWE-119 | 7.5 |
| 2017-03-27 | CVE-2016-8960 | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. | network | low complexity | ibm CWE-264 | 8.8 |
| 2017-03-08 | CVE-2016-9985 | Information Exposure Through Log Files vulnerability in IBM Cognos Business Intelligence 10.1.1/10.2 | IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. | local | low complexity | ibm CWE-532 | 5.5 |
| 2017-02-01 | CVE-2016-0218 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | network | low complexity | ibm CWE-79 | 5.4 |