Vulnerabilities > Netapp > Oncommand Insight
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-20 | CVE-2022-38733 | Unspecified vulnerability in Netapp Oncommand Insight OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. | 8.6 |
2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
2022-09-01 | CVE-2020-4301 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-20468 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-29823 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-09-01 | CVE-2021-39009 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. | 5.5 |
2022-09-01 | CVE-2021-39045 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. | 5.5 |
2022-09-01 | CVE-2022-30614 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. | 7.5 |
2022-09-01 | CVE-2022-36773 | XXE vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2022-08-31 | CVE-2022-1259 | A flaw was found in Undertow. | 7.5 |