This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Ibm | First view: 2016-07-02
Product: Cognos Analytics | Last view: 2020-08-03
Version: | Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:ibm:cognos_analytics:11.0.0:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:cognos_analytics:11.0.1:*:*:*:*:*:*:* 17
cpe:2.3:a:ibm:cognos_analytics:11.0.2:*:*:*:*:*:*:* 17
cpe:2.3:a:ibm:cognos_analytics:11.0.3:*:*:*:*:*:*:* 17
cpe:2.3:a:ibm:cognos_analytics:11.0.4:*:*:*:*:*:*:* 17
cpe:2.3:a:ibm:cognos_analytics:11.1.0:*:*:*:*:*:*:* 14
cpe:2.3:a:ibm:cognos_analytics:11.0.5:*:*:*:*:*:*:* 11
cpe:2.3:a:ibm:cognos_analytics:11.0.6:*:*:*:*:*:*:* 11
cpe:2.3:a:ibm:cognos_analytics:11.0.5.0:*:*:*:*:*:*:* 9
cpe:2.3:a:ibm:cognos_analytics:11.0.6.0:*:*:*:*:*:*:* 9
cpe:2.3:a:ibm:cognos_analytics:11.0.7.0:*:*:*:*:*:*:* 9
cpe:2.3:a:ibm:cognos_analytics:11.0.7:*:*:*:*:*:*:* 6
cpe:2.3:a:ibm:cognos_analytics:11.0.8:*:*:*:*:*:*:* 6
cpe:2.3:a:ibm:cognos_analytics:11.0.9:*:*:*:*:*:*:* 6
cpe:2.3:a:ibm:cognos_analytics:11.0.10:*:*:*:*:*:*:* 6
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* 6
cpe:2.3:a:ibm:cognos_analytics:11.0.11:*:*:*:*:*:*:* 5
cpe:2.3:a:ibm:cognos_analytics:11.0.12:*:*:*:*:*:*:* 5
cpe:2.3:a:ibm:cognos_analytics:11.1.1:*:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:*:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:-:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:fix_pack_1:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:fix_pack_2:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:fixpack1:*:*:*:*:*:* 4
cpe:2.3:a:ibm:cognos_analytics:11.0.13:fixpack2:*:*:*:*:*:* 4

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
9.1 2020-08-03 CVE-2020-4377

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.

4.3 2020-08-03 CVE-2019-4589

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

5.3 2020-08-03 CVE-2019-4366

IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.

4.3 2020-04-27 CVE-2019-4729

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.

5.4 2019-12-30 CVE-2019-4623

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.

6.5 2019-12-30 CVE-2019-4343

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.

5.4 2019-12-20 CVE-2019-4555

IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.

4.3 2019-12-20 CVE-2019-4231

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

6.1 2019-11-09 CVE-2019-4645

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.

4.3 2019-11-09 CVE-2019-4334

IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

8.8 2019-11-09 CVE-2018-1721

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

5.4 2019-09-17 CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.

7.5 2019-09-17 CVE-2019-4183

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

5.4 2019-05-29 CVE-2019-4139

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.

9.1 2019-04-15 CVE-2019-4178

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.

3.6 2018-11-08 CVE-2018-1842

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

5.4 2018-05-07 CVE-2018-1413

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.

5.3 2018-03-22 CVE-2016-9711

IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

5.5 2018-01-29 CVE-2017-1784

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

4 2018-01-29 CVE-2017-1783

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

7.8 2018-01-29 CVE-2017-1779

IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

5.4 2017-08-29 CVE-2017-1535

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677.

5.4 2017-08-29 CVE-2017-1485

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.

6.1 2017-08-29 CVE-2017-1428

IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583.

6.1 2017-08-29 CVE-2017-1427

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.

CWE : Common Weakness Enumeration

% id Name
43% (13) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (6) CWE-200 Information Exposure
6% (2) CWE-20 Improper Input Validation
3% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
3% (1) CWE-522 Insufficiently Protected Credentials
3% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (1) CWE-352 Cross-Site Request Forgery (CSRF)
3% (1) CWE-347 Improper Verification of Cryptographic Signature
3% (1) CWE-287 Improper Authentication
3% (1) CWE-269 Improper Privilege Management
3% (1) CWE-91 XML Injection (aka Blind XPath Injection)
3% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...