CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38886
https://notcve.org/view.php?id=CVE-2021-38886
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.1.7, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-For... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209399 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29824
https://notcve.org/view.php?id=CVE-2021-29824
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.1.7, es vulnerable a una escalada de privilegios en la que un usuario de nivel inferior podría tener acceso de lectura a la página "Data Connections" a la que no presenta acceso. IBM X-Force ID: 204468 • https://exchange.xforce.ibmcloud.com/vulnerabilities/204468 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20464
https://notcve.org/view.php?id=CVE-2021-20464
22 Apr 2022 — IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. IBM Cognos Analytics PowerPlay (IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.1.7) podría ser vulnerable a un ataque de Bomba XML por parte de un usuario autenticado malicioso. IBM X-Force ID: 196813 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196813 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •