Cognos Analytics

11.1

MAJOR_MINOR 26 CVEs

11.1.7

SEMANTIC 27 CVEs

11.1.7, 11.2.4, 12.0.0

OTHER 3 CVEs

11.0.5

SEMANTIC 3 CVEs

11.0.2

SEMANTIC 3 CVEs

11.0.3

SEMANTIC 3 CVEs

11.0.6

SEMANTIC 3 CVEs

11.0.7

SEMANTIC 3 CVEs

11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3

OTHER 1 CVE

11.1, 11.2

OTHER 3 CVEs

11.0.4

SEMANTIC 3 CVEs

11

SINGLE_NUMBER 2 CVEs

11.2.4

SEMANTIC 5 CVEs

12.0.0

SEMANTIC 5 CVEs

11.1.7, 11.2.0, 11.2.1

OTHER 5 CVEs

11.1.7 11.2.0, 11.2.1

OTHER 1 CVE

11.0.1

SEMANTIC 3 CVEs

e

OTHER 2 CVEs

11.1.0

SEMANTIC 1 CVE

12.0.3

SEMANTIC 3 CVEs

11.2.0

SEMANTIC 32 CVEs

11.0

MAJOR_MINOR 36 CVEs

11.1.1

SEMANTIC 1 CVE

11.2.1

SEMANTIC 17 CVEs

11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

OTHER 3 CVEs

12.0.4

SEMANTIC 2 CVEs

CVE-2021-39045

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.

MEDIUM Sep 01, 2022

CVE-2021-39009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

MEDIUM Sep 01, 2022

CVE-2020-4301

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

MEDIUM Sep 01, 2022

CVE-2021-39047

IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.

MEDIUM Jun 24, 2022

CVE-2021-38945

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

MEDIUM Jun 24, 2022

CVE-2021-38946

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.

MEDIUM Apr 22, 2022

CVE-2021-38905

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

MEDIUM Apr 22, 2022

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.

MEDIUM Apr 22, 2022

CVE-2021-38909

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

MEDIUM Dec 03, 2021

CVE-2020-4951

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.

MEDIUM Oct 15, 2021