4 results (0.018 seconds)

CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257705 https://security.netapp.com/advisory/ntap-20230921-0005 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 https://security.netapp.com/advisory/ntap-20230831-0014 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251214 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •