Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Cognos Analytics  >> 11.1.0  Security Vulnerabilities
CVE-2020-4377
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
CVSS Score
8.2
EPSS Score
0.006
Published
2020-08-03
CVE-2019-4366
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
CVSS Score
2.9
EPSS Score
0.001
Published
2020-08-03
CVE-2019-4729
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-04-27
CVE-2019-4343
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-12-30
CVE-2019-4623
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-12-30
CVE-2019-4231
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-12-20
CVE-2019-4555
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-20
CVE-2019-4645
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-09
CVE-2018-1721
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
CVSS Score
8.3
EPSS Score
0.005
Published
2019-11-09
CVE-2019-4334
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved