CVE |
Vendors |
Products |
Updated |
CVSS |
CVE-2018-1842 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-10-09 |
3.3 |
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. |
CVE-2016-9711 |
1 Ibm |
1 Cognos Analytics |
2019-10-09 |
5.0 |
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619. |
CVE-2019-4342 |
1 Ibm |
1 Cognos Analytics |
2019-10-09 |
3.5 |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... |
CVE-2019-4183 |
1 Ibm |
1 Cognos Analytics |
2019-10-09 |
7.8 |
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. |
CVE-2017-1779 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-10-03 |
2.1 |
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. |
CVE-2017-1783 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-10-03 |
2.1 |
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857. |
CVE-2016-3031 |
1 Ibm |
1 Cognos Analytics |
2019-09-30 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2017-1784 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-09-30 |
2.1 |
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. |
CVE-2016-3015 |
1 Ibm |
1 Cognos Analytics |
2019-09-30 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2016-0217 |
1 Ibm |
1 Cognos Analytics |
2019-09-30 |
3.5 |
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a... |
CVE-2019-4139 |
1 Ibm |
1 Cognos Analytics |
2019-09-30 |
3.5 |
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
CVE-2019-4178 |
1 Ibm |
1 Cognos Analytics |
2019-05-09 |
6.4 |
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
CVE-2018-1413 |
2 Ibm, Netapp |
2 Cognos Analytics, Oncommand Insight |
2019-04-27 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2017-1535 |
1 Ibm |
1 Cognos Analytics |
2017-09-17 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2017-1428 |
1 Ibm |
1 Cognos Analytics |
2017-09-01 |
5.8 |
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and... |
CVE-2017-1485 |
1 Ibm |
1 Cognos Analytics |
2017-09-01 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2017-1427 |
1 Ibm |
1 Cognos Analytics |
2017-09-01 |
4.3 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2016-3032 |
1 Ibm |
1 Cognos Analytics |
2017-05-15 |
3.5 |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
CVE-2016-0398 |
1 Ibm |
1 Cognos Analytics |
2016-07-05 |
4.3 |
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. |