
CVSS: 5.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

22 Jul 2023 — IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240266 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 5.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 9.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234180 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

03 Nov 2022 — "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." • https://www.ibm.com/support/pages/node/6828527 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 8.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233571 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227591

CVSS: 6.2 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214345 • CWE-522: Insufficiently Protected Credentials

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213554 • CWE-312: Cleartext Storage of Sensitive Information