CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4354
https://notcve.org/view.php?id=CVE-2020-4354
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. IBM Cognos Analytics versiones 11.0 y 11.1 es vulnerable a ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista que potencialmente conllevando a la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178506 https://security.netapp.com/advisory/ntap-20210622-0004 https://www.ibm.com/support/pages/node/6451705 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4300
https://notcve.org/view.php?id=CVE-2020-4300
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. IBM Cognos Analytics versiones 11.0 y 11.1 es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176607 https://security.netapp.com/advisory/ntap-20210622-0004 https://www.ibm.com/support/pages/node/6451705 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4730
https://notcve.org/view.php?id=CVE-2019-4730
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. IBM Cognos Analytics versiones 11.0 y 11.1 es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172533 https://security.netapp.com/advisory/ntap-20210622-0004 https://www.ibm.com/support/pages/node/6451705 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4724
https://notcve.org/view.php?id=CVE-2019-4724
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. IBM Cognos Analytics versiones 11.0 y 11.1 podrían permitir a un atacante remoto obtener credenciales del navegador de un usuario por medio de una configuración incorrecta de autocompletar en la página New Content Backup. IBM X-Force ID: 172130 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172130 https://security.netapp.com/advisory/ntap-20210622-0004 https://www.ibm.com/support/pages/node/6451705 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4723
https://notcve.org/view.php?id=CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. IBM Cognos Analytics versiones 11.0 y 11.1 podrían permitir a un atacante remoto obtener credenciales del navegador de un usuario por medio de una configuración incorrecta de autocompletar en la página New Data Server Connection. ID de IBM X-Force: 172129 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172129 https://security.netapp.com/advisory/ntap-20210622-0004 https://www.ibm.com/support/pages/node/6451705 • CWE-522: Insufficiently Protected Credentials •