Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Cognos Analytics  >> 11.1.2  Security Vulnerabilities
CVE-2021-29823
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-01
CVE-2021-29768
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-24
CVE-2021-38945
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-06-24
CVE-2021-39047
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-06-24
CVE-2021-38909
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-12-03
CVE-2021-29867
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-03
CVE-2021-29719
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091
CVSS Score
5.3
EPSS Score
0.002
Published
2021-12-03
CVE-2021-29756
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-03
CVE-2021-29716
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
CVSS Score
2.7
EPSS Score
0.004
Published
2021-12-03
CVE-2021-20493
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved