Ibm Cognos Analytics vulnerabilities

CVE-2018-1721 [HIGH] CWE-91 CVE-2018-1721: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack whe IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

CVE-2019-4334 [MEDIUM] CVE-2019-4334: IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.

CVE-2019-4645 [MEDIUM] CWE-79 CVE-2019-4645: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.

CVE-2019-4183 [HIGH] CWE-400 CVE-2019-4183: IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a r IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

CVE-2019-4342 [MEDIUM] CWE-79 CVE-2019-4342: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.

CVE-2019-4139 [MEDIUM] CWE-79 CVE-2019-4139: IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerabil IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.

CVE-2019-4178 [CRITICAL] CWE-22 CVE-2019-4178: IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An atta IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.

CVE-2018-1842 [LOW] CWE-347 CVE-2018-1842: IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

CVE-2018-1413 [MEDIUM] CWE-79 CVE-2018-1413: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.

CVE-2016-9711 [MEDIUM] CWE-200 CVE-2016-9711: IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in det IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

CVE-2017-1779 [HIGH] CWE-522 CVE-2017-1779: IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local u IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

CVE-2017-1783 [MEDIUM] CWE-287 CVE-2017-1783: IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytic IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

CVE-2017-1784 [MEDIUM] CWE-200 CVE-2017-1784: IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive inf IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

CVE-2017-1535 [MEDIUM] CWE-79 CVE-2017-1535: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677.

CVE-2017-1485 [MEDIUM] CWE-79 CVE-2017-1485: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.

CVE-2017-1427 [MEDIUM] CWE-79 CVE-2017-1427: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.

CVE-2017-1428 [MEDIUM] CWE-20 CVE-2017-1428: IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583.

CVE-2016-3032 [MEDIUM] CWE-79 CVE-2016-3032: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.

CVE-2016-3031 [MEDIUM] CWE-79 CVE-2016-3031: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.

CVE-2016-3015 [MEDIUM] CWE-79 CVE-2016-3015: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.