
CVE-2024-55907 – IBM Cognos Mobile information disclosure
https://notcve.org/view.php?id=CVE-2024-55907
02 Mar 2025 — IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation. • https://www.ibm.com/support/pages/node/7184429 • CWE-540: Inclusion of Sensitive Information in Source Code •

CVE-2025-0895 – IBM Cognos Mobile information disclosure
https://notcve.org/view.php?id=CVE-2025-0895
02 Mar 2025 — IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages. • https://www.ibm.com/support/pages/node/7184430 • CWE-215: Insertion of Sensitive Information Into Debugging Code •

CVE-2024-56340 – IBM Cognos Analytics path traversal
https://notcve.org/view.php?id=CVE-2024-56340
28 Feb 2025 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to a local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. • https://github.com/MarioTesoro/CVE-2024-56340 • CWE-23: Relative Path Traversal •

CVE-2025-0823 – IBM MQ path traversal
https://notcve.org/view.php?id=CVE-2025-0823
28 Feb 2025 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7183676 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-49352 – IBM Cognos Analytics XML external entity injection
https://notcve.org/view.php?id=CVE-2024-49352
05 Feb 2025 — IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7181480 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2023-38009 – IBM Cognos Analytics Mobile information disclosure
https://notcve.org/view.php?id=CVE-2023-38009
26 Jan 2025 — IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. • https://www.ibm.com/support/pages/node/7172691 • CWE-295: Improper Certificate Validation •

CVE-2024-40695 – IBM Cognos Analytics file upload
https://notcve.org/view.php?id=CVE-2024-40695
20 Dec 2024 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, which can then be sent to a victim for performing further attacks. • https://www.ibm.com/support/pages/node/7179496 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-51466 – IBM Cognos Analytics expression language injection
https://notcve.org/view.php?id=CVE-2024-51466
20 Dec 2024 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. • https://www.ibm.com/support/pages/node/7179496 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVE-2021-39081 – IBM Cognos Analytics Mobile information disclosure
https://notcve.org/view.php?id=CVE-2021-39081
19 Dec 2024 — IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/6555140 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-25042 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-25042
18 Dec 2024 — IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. • https://www.ibm.com/support/pages/node/7173592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •