Cognos Business Intelligence

10.2

MAJOR_MINOR 4 CVEs

10.1

MAJOR_MINOR 3 CVEs

10.2.1

SEMANTIC 4 CVEs

8.4

MAJOR_MINOR 2 CVEs

10.2.2

SEMANTIC 4 CVEs

2

SINGLE_NUMBER 4 CVEs

10.1.1

SEMANTIC 3 CVEs

8.3.0

SEMANTIC 2 CVEs

10.2.1.1

OTHER 4 CVEs

10

SINGLE_NUMBER 3 CVEs

8.4.1

SEMANTIC 2 CVEs

CVE-2016-8960

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.

UNKNOWN Mar 27, 2017

CVE-2016-9985

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

UNKNOWN Mar 08, 2017

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

UNKNOWN Feb 01, 2017

CVE-2016-0217

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

UNKNOWN Feb 01, 2017