Latest IBM Cognos Analytics Vulnerabilities

IBM Cognos Analytics log injection
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
IBM Cognos Analytics Mobile Server denial of service
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
IBM Cognos Analytics cross-origin resource sharing
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
IBM Cognos Analytics cross-site request forgery
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host ...
npm/axios>=0.8.1<0.28.0
npm/axios>=1.0.0<1.6.0
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
redhat/axios<1.6.0
and 1 more
DoS Vulnerability in JSON-Java
Json-java Project Json-java<=20230618
maven/org.json:json<=20230618
redhat/org.json<20231013
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Apache ZooKeeper<3.7.2
Apache ZooKeeper>=3.8.0<3.8.3
Apache ZooKeeper=3.9.0
maven/org.apache.zookeeper:zookeeper>=3.9.0<3.9.1
maven/org.apache.zookeeper:zookeeper>=3.8.0<3.8.3
maven/org.apache.zookeeper:zookeeper<3.7.2
and 15 more
Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 568 more
Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
pip/avro>=0<1.11.3
maven/org.apache.avro:avro<1.11.3
Apache Avro<1.11.3
redhat/apache-avro<1.11.3
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
and 1 more
IBM Cognos Analytics<=12.0
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially...
IBM Cognos Analytics<=12.0
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.4
IBM Cognos Analytics=11.1.7
and 11 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could...
IBM Cognos Analytics<=12.0
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.4
IBM Cognos Analytics=11.1.7
and 11 more
Excessive time spent checking DH q parameter value
OpenSSL OpenSSL>=3.0.0<3.0.10
OpenSSL OpenSSL>=3.1.0<3.1.2
OpenSSL OpenSSL=1.0.2
OpenSSL OpenSSL=1.0.2-beta1
OpenSSL OpenSSL=1.0.2-beta2
OpenSSL OpenSSL=1.0.2-beta3
and 75 more
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.4
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 7 more
d3-color is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted string that starts with the letter 'A' to the rgb() and hrc() functions, a remote att...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.4
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 7 more
Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By accessing public key info of provided certificates from user code, an attacker could exp...
Nodejs Node.js>=16.0.0<16.20.1
Nodejs Node.js>=18.0.0<18.16.1
Nodejs Node.js>=20.0.0<20.3.1
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
and 2 more
Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPu...
Salesforce Tough-cookie<4.1.3
npm/tough-cookie<4.1.3
redhat/tough-cookie<4.1.3
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. By sending specially crafted ...
Nodejs Node.js=16.0.0
Nodejs Node.js=18.0.0
Nodejs Node.js=20.0.0
Nodejs Node.js=20.2.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
and 9 more
netty-handler SniHandler 16MB allocation
Netty Netty<4.1.94
maven/io.netty:netty-handler<4.1.94.Final
debian/netty<=1:4.1.48-4+deb11u1
redhat/netty<4.1.94.
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...
IBM Cognos Analytics=11.1
IBM Cognos Analytics=11.2
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Cpanpm Project Cpanpm<2.35
Perl Perl<5.38.0
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
Excessive Resource Usage Verifying X.509 Policy Constraints
OpenSSL OpenSSL>=1.0.2<1.0.2zh
OpenSSL OpenSSL>=1.1.1<1.1.1u
OpenSSL OpenSSL>=3.0.0<3.0.9
OpenSSL OpenSSL>=3.1.0<3.1.1
debian/openssl<=1.1.1n-0+deb10u3
redhat/openssl<3.1.1
and 5 more
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded ...
IBM Cognos Analytics<=12.0
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
Jszip Project Jszip<3.8.0
Use-after-free following BIO_new_NDEF
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
redhat/edk2<0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl<1:1.1.1k-9.el8_6
and 28 more
Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending a request with a specially crafted regular expression, a remote attacker could exploit this vulnera...
Python Setuptools<65.5.1
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For exa...
Auth0 Jsonwebtoken<=8.5.1
redhat/jsonwebtoken<9.0.0
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verifi...
Auth0 Jsonwebtoken<=8.5.1
redhat/jsonwebtoken<9.0.0
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
A flaw was found in the jsonwebtoken library. In affected versions of the jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function may lead to signatur...
Auth0 Jsonwebtoken<=8.5.1
redhat/jsonwebtoken<9.0.0
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to ...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<=11.1.7
IBM Cognos Analytics>=11.2.0<=11.2.3
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
and 3 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to ...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<=11.1.7
IBM Cognos Analytics>=11.2.0<=11.2.3
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
and 3 more
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<=11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to fu...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<=11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
Remote Code execution in SnakeYAML
Snakeyaml Project Snakeyaml<2.0
maven/org.yaml:snakeyaml<=1.33
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying pr...
Qs Project Qs<6.2.4
Qs Project Qs>=6.3.0<6.3.3
Qs Project Qs>=6.5.0<6.5.3
Qs Project Qs>=6.7.0<6.7.3
Qs Project Qs>=6.8.0<6.8.3
Qs Project Qs>=6.9.0<6.9.7
and 28 more
Stack Overflow in Snakeyaml
redhat/eap7-snakeyaml<0:1.33.0-2.SP1_redhat_00001.1.el8ea
redhat/eap7-snakeyaml<0:1.33.0-2.SP1_redhat_00001.1.el9ea
redhat/eap7-snakeyaml<0:1.33.0-2.SP1_redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.7-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.7-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.7-1.redhat_00001.1.el9
and 8 more
IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabilit...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose se...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
Apache Calcite Avatica could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the JDBC driver. By sending a specially-crafted request, an attacker could exploit thi...
Apache Apache Calcite Avatica<1.22.0
IBM Cognos Analytics<=11.2.x
IBM Cognos Analytics<=11.1.x

© 2024 SecAlerts Pty Ltd.