
CVSS: 5.3 • EPSS: 0% • CPEs: 14 • EXPL: 0

16 Aug 2023 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication, which could be used in reconnaissance for future attacks. IBM X-Force ID: 257703. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

22 Jul 2023 — IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

22 Jul 2023 — IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jul 2023 — IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to a misconfigured security context. IBM X-Force ID: 251465. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251465

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 May 2023 — IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213966 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240266 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 5.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 9.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Dec 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234180 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

03 Nov 2022 — IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 229963. • https://www.ibm.com/support/pages/node/6828527 • CWE-312: Cleartext Storage of Sensitive Information