
CVE-2021-38946
https://notcve.org/view.php?id=CVE-2021-38946
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. • https://exchange.xforce.ibmcloud.com/vulnerabilities/211240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-38905
https://notcve.org/view.php?id=CVE-2021-38905
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209697

CVE-2021-38904
https://notcve.org/view.php?id=CVE-2021-38904
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209693

CVE-2021-38903
https://notcve.org/view.php?id=CVE-2021-38903
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-38886
https://notcve.org/view.php?id=CVE-2021-38886
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209399 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-29824
https://notcve.org/view.php?id=CVE-2021-29824
22 Apr 2022 — IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. • https://exchange.xforce.ibmcloud.com/vulnerabilities/204468

CVE-2021-20464
https://notcve.org/view.php?id=CVE-2021-20464
22 Apr 2022 — IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196813 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVE-2021-39080
https://notcve.org/view.php?id=CVE-2021-39080
14 Feb 2022 — Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215593

CVE-2021-39079
https://notcve.org/view.php?id=CVE-2021-39079
14 Feb 2022 — IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-38909
https://notcve.org/view.php?id=CVE-2021-38909
03 Dec 2021 — IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')