Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Cognos Analytics  >> 11.0.0  Security Vulnerabilities
CVE-2021-20461
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-06-30
CVE-2019-4471
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-06-01
CVE-2019-4653
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-01
CVE-2019-4722
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-06-01
CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
CVSS Score
4.6
EPSS Score
0.004
Published
2021-06-01
CVE-2019-4724
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
CVSS Score
4.6
EPSS Score
0.004
Published
2021-06-01
CVE-2019-4730
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
CVSS Score
7.1
EPSS Score
0.006
Published
2021-06-01
CVE-2020-4300
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
CVSS Score
8.2
EPSS Score
0.004
Published
2021-06-01
CVE-2020-4354
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-01
CVE-2020-4520
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
CVSS Score
7.1
EPSS Score
0.004
Published
2021-06-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved