CVE-2021-39009
https://notcve.org/view.php?id=CVE-2021-39009
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local privilegiado. IBM X-Force ID: 213554 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213554 https://security.netapp.com/advisory/ntap-20221014-0005 https://www.ibm.com/support/pages/node/6615285 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-29823
https://notcve.org/view.php?id=CVE-2021-29823
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 204465 • https://exchange.xforce.ibmcloud.com/vulnerabilities/204465 https://security.netapp.com/advisory/ntap-20221014-0005 https://www.ibm.com/support/pages/node/6615285 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-20468
https://notcve.org/view.php?id=CVE-2021-20468
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 196825 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196825 https://security.netapp.com/advisory/ntap-20221014-0005 https://www.ibm.com/support/pages/node/6615285 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-4301
https://notcve.org/view.php?id=CVE-2020-4301
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 176609 • https://exchange.xforce.ibmcloud.com/vulnerabilities/176609 https://security.netapp.com/advisory/ntap-20221014-0005 https://www.ibm.com/support/pages/node/6615285 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-35527 – sqlite: Out of bounds access during table rename
https://notcve.org/view.php?id=CVE-2020-35527
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. En SQLite versión 3.31.1, se presenta un problema de acceso fuera de límites mediante ALTER TABLE para las vistas que tienen una cláusula FROM anidada An out-of-bounds read vulnerability was found in SQLite. This security flaw occurs when the ALTER TABLE for views has a nested FROM clause. This flaw allows an attacker to triage an out-of-bounds read and access confidential data successfully. • https://security.netapp.com/advisory/ntap-20221111-0007 https://www.sqlite.org/src/info/c431b3fd8fd0f6a6 https://access.redhat.com/security/cve/CVE-2020-35527 https://bugzilla.redhat.com/show_bug.cgi?id=2122329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •