Vulnerabilities > Netapp > Oncommand Insight

DATE CVE VULNERABILITY TITLE RISK
2021-06-01 CVE-2019-4723 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
network
low complexity
ibm netapp CWE-522
7.5
7.5
2021-06-01 CVE-2019-4724 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
network
low complexity
ibm netapp CWE-522
7.5
7.5
2021-06-01 CVE-2019-4730 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
7.1
7.1
2021-06-01 CVE-2020-4300 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
8.2
8.2
2021-06-01 CVE-2020-4354 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
5.4
2021-06-01 CVE-2020-4520 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
network
low complexity
ibm netapp CWE-79
8.8
8.8
2021-06-01 CVE-2020-4561 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions.
network
low complexity
ibm netapp CWE-829
critical
 10.0
10
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp oracle
8.6
8.6
2021-05-05 CVE-2021-29489 Highcharts JS is a JavaScript charting library based on SVG.
network
low complexity
highcharts netapp
5.4
5.4
2021-04-22 CVE-2021-2307 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging).
local
low complexity
oracle netapp
6.1
6.1