CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-29823
https://notcve.org/view.php?id=CVE-2021-29823
01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-For... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204465 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-20468
https://notcve.org/view.php?id=CVE-2021-20468
01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-For... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196825 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4301
https://notcve.org/view.php?id=CVE-2020-4301
01 Sep 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-For... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176609 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-39047
https://notcve.org/view.php?id=CVE-2021-39047
24 Jun 2022 — IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. IBM Planning Analytics versión 2.0 e IBM Cognos Analytics versiones 11.2.1, 11.2.0 y 11.1.7, son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad perm... • https://exchange.xforce.ibmcloud.com/vulnerabilities/214349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-38945
https://notcve.org/view.php?id=CVE-2021-38945
24 Jun 2022 — IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. IBM Cognos Analytics versiones 11.2.1, 11.2.0 y 11.1.7, podrían permitir a un atacante remoto cargar archivos arbitrarios, causados por una incorrecta comprobación del contenido. IBM X-Force ID: 211238 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211238 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-29768
https://notcve.org/view.php?id=CVE-2021-29768
24 Jun 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, podría permitir a un usuario de bajo nivel obtener información confidencial de los detalles de la página "Cloud Storage" a la que no debería tener acceso. IBM X-Force ID: 202682 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202682 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38946
https://notcve.org/view.php?id=CVE-2021-38946
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. IBM Cognos Analytics 11.1.7, 11.2.0 y 11.1.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario We... • https://exchange.xforce.ibmcloud.com/vulnerabilities/211240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38905
https://notcve.org/view.php?id=CVE-2021-38905
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.1.7, podría permitir a un usuario autenticado visualizar páginas de informes a las que no debería tener acceso. IBM X-Force ID: 209697 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209697 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38904
https://notcve.org/view.php?id=CVE-2021-38904
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.1.7, podrían permitir a un atacante remoto obtener credenciales del navegador de un usuario por medio de una configuración incorrecta de autocompletar. IBM X-Force ID: 209693 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209693 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38903
https://notcve.org/view.php?id=CVE-2021-38903
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. IBM Cognos Analytics ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •