Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2019-04-15 |
| Product | Cognos Analytics | Last view | 2020-04-27 |
| Version | 11.0.13 | Type | Application |
| Update | fixpack1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:cognos_analytics | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2020-04-27 | CVE-2019-4729 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. |
| 5.4 | 2019-12-20 | CVE-2019-4555 | IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204. |
| 4.3 | 2019-12-20 | CVE-2019-4231 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. |
| 9.1 | 2019-04-15 | CVE-2019-4178 | IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 25% (1) | CWE-200 | Information Exposure |
| 25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 25% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
