CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1784
https://notcve.org/view.php?id=CVE-2017-1784
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. IBM Cognos Analytics 11.0 podría producir resultados en archivos temporales que contengan información altamente sensible que puede ser leída por un usuario local. IBM X-Force ID: 136858. • http://www.ibm.com/support/docview.wss?uid=swg22011561 http://www.securitytracker.com/id/1040299 https://exchange.xforce.ibmcloud.com/vulnerabilities/136858 https://security.netapp.com/advisory/ntap-20190329-0003 https://security.netapp.com/advisory/ntap-20190401-0003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1779
https://notcve.org/view.php?id=CVE-2017-1779
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. IBM Cognos Analytics 11.0 podría almacenar localmente credenciales en caché que podrían ser obtenidas por un usuario local. IBM X-Force ID: 136824. • http://www.ibm.com/support/docview.wss?uid=swg22011561 http://www.securityfocus.com/bid/102858 http://www.securitytracker.com/id/1040299 https://exchange.xforce.ibmcloud.com/vulnerabilities/136824 https://security.netapp.com/advisory/ntap-20190329-0003 https://security.netapp.com/advisory/ntap-20190401-0003 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1427
https://notcve.org/view.php?id=CVE-2017-1427
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. IBM Cognos Analytics 11.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22007242 https://exchange.xforce.ibmcloud.com/vulnerabilities/127579 https://security.netapp.com/advisory/ntap-20190329-0003 https://security.netapp.com/advisory/ntap-20190401-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1485
https://notcve.org/view.php?id=CVE-2017-1485
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. IBM Cognos Analytics 11.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22007242 https://exchange.xforce.ibmcloud.com/vulnerabilities/128623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1535
https://notcve.org/view.php?id=CVE-2017-1535
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. IBM Cognos Analytics 11.0 es vulnerable a Cross-Site Scripting (XSS) Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. Esto podría desembocar en una revelación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22007242 http://www.securityfocus.com/bid/100834 https://exchange.xforce.ibmcloud.com/vulnerabilities/130677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •