| 2022-09-01 | CVE-2022-36773 | XXE vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2022-08-31 | CVE-2022-1259 | A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | A flaw was found in Undertow. | 7.5 |
| 2022-08-26 | CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5 |
| 2022-07-20 | CVE-2022-31160 | jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |
| 2022-07-19 | CVE-2022-34169 | Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
| 2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. | 6.5 |
| 2022-06-24 | CVE-2021-38945 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. | 9.8 |
| 2022-06-24 | CVE-2021-39047 | Cross-site Scripting vulnerability in multiple products
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. | 6.1 |
| 2022-06-02 | CVE-2022-27778 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |