Shodan
Vulnerabilities
Vulnerable Software
Netapp:  Security Vulnerabilities
CVE-2020-10771
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
CVSS Score
7.1
EPSS Score
0.001
Published
2021-06-02
CVE-2021-3516
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-06-01
CVE-2019-4471
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-06-01
CVE-2019-4653
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-01
CVE-2019-4722
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-06-01
CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
CVSS Score
4.6
EPSS Score
0.005
Published
2021-06-01
CVE-2019-4724
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
CVSS Score
4.6
EPSS Score
0.005
Published
2021-06-01
CVE-2019-4730
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
CVSS Score
7.1
EPSS Score
0.006
Published
2021-06-01
CVE-2020-4300
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
CVSS Score
8.2
EPSS Score
0.001
Published
2021-06-01
CVE-2020-4354
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.
CVSS Score
5.4
EPSS Score
0.008
Published
2021-06-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved