Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Cognos Analytics
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38905 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
CVE-2021-38904 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
CVE-2021-38903 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
CVE-2021-38886 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVE-2021-29867 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
CVE-2021-29824 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
CVE-2021-29823 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
CVE-2021-29768 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVE-2021-29756 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
CVE-2021-29745 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.5 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.
CVE-2021-29719 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091
CVE-2021-29716 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
CVE-2021-29679 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.5 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.
CVE-2021-20493 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.
CVE-2021-20470 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
CVE-2021-20468 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
CVE-2021-20464 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVE-2021-20461 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.
CVE-2020-4951 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 2.1 LOW 3.3 LOW
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2020-4561 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 7.5 HIGH 10.0 CRITICAL
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.