Oncommand Insight

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-12	CVE-2022-22971	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. network low complexity vmware oracle netapp CWE-770	6.5
2022-05-03	CVE-2022-1292	OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. network low complexity openssl debian netapp oracle fedoraproject CWE-78 critical	9.8
2022-04-22	CVE-2021-20464	XML Entity Expansion vulnerability in multiple products IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. network low complexity ibm netapp CWE-776	4.0
2022-04-22	CVE-2021-29824	IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. network low complexity ibm netapp	4.0
2022-04-22	CVE-2021-38886	Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. network ibm netapp CWE-352	6.8
2022-04-22	CVE-2021-38903	Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. network ibm netapp CWE-79	3.5
2022-04-22	CVE-2021-38904	IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. network low complexity ibm netapp	6.5
2022-04-22	CVE-2021-38905	IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. network low complexity ibm netapp	4.3
2022-04-22	CVE-2021-38946	Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. network low complexity ibm netapp CWE-79	5.4
2022-04-19	CVE-2022-21412	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp	4.0