cognos_analytics

11.1.7

SEMANTIC 3 CVEs

11.2.0

SEMANTIC 1 CVE

11.2.1

SEMANTIC 1 CVE

11.2.4

SEMANTIC 2 CVEs

11.2.0 <= 11.2.4, 12.0.0 <= 12.0.2

OTHER 1 CVE

12.0.0

SEMANTIC 2 CVEs

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

HIGH May 02, 2024

CVE-2023-30996

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

MEDIUM Feb 24, 2024

CVE-2023-38359

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744.

MEDIUM Feb 24, 2024

CVE-2023-35009

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

MEDIUM Aug 16, 2023