Vulnerabilities > Netapp > Oncommand Insight
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
| 2022-05-12 | CVE-2022-22970 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | 5.3 |
| 2022-05-12 | CVE-2022-22971 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. | 6.5 |
| 2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
| 2022-04-22 | CVE-2021-20464 | XML Entity Expansion vulnerability in multiple products IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. | 6.5 |
| 2022-04-22 | CVE-2021-29824 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. | 4.3 |
| 2022-04-22 | CVE-2021-38886 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-04-22 | CVE-2021-38903 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2022-04-22 | CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. | 6.5 |
| 2022-04-22 | CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. | 4.3 |