Latest ibm cognos analytics 11.2.x Vulnerabilities

IBM-6828527
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2022-34339
"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
and 4 more
CVE-2022-36773
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose se...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
CVE-2021-39009
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
CVE-2021-29823
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
CVE-2020-4301
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
CVE-2021-20468
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM-6615285
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2022-30614
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabilit...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
and 4 more
IBM-6597241
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and ove...
Ejs Ejs=3.1.6
redhat/ejs<3.1.7
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2022-21803
A flaw was found in the nconf library when setting the configuration properties. This flaw allows an attacker to provide a crafted property, leading to prototype object pollution.
redhat/npm-nconf<0.11.4
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
Nconf Project Nconf<0.11.4
CVE-2022-24758
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error i...
Jupyter Notebook<6.4.10
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2021-44532
Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chain. An attacker could exploit ...
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
redhat/rh-nodejs14-nodejs<0:14.20.1-2.el7
debian/nodejs<=10.24.0~dfsg-1~deb10u1<=10.24.0~dfsg-1~deb10u3
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
redhat/node<12.22.9
and 19 more
CVE-2022-21824
Node.js could provide weaker than expected security, caused by an error related to the formatting logic of the console.table() function. An attacker could exploit this vulnerability using console.tabl...
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
redhat/rh-nodejs14-nodejs<0:14.20.1-2.el7
debian/nodejs<=10.24.0~dfsg-1~deb10u1
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
redhat/node<12.22.9
and 19 more
CVE-2021-44531
Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of URI Subject Alternative Name (SAN) types. An attacker could exploit this vulnerability to bypa...
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
redhat/rh-nodejs14-nodejs<0:14.20.1-2.el7
debian/nodejs<=10.24.0~dfsg-1~deb10u1<=10.24.0~dfsg-1~deb10u3
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
redhat/node<12.22.9
and 18 more
CVE-2021-44533
Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of multi-value Relative Distinguished Names. By crafting certificate subjects containing a singl...
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
redhat/rh-nodejs14-nodejs<0:14.20.1-2.el7
debian/nodejs<=10.24.0~dfsg-1~deb10u1<=10.24.0~dfsg-1~deb10u3
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
redhat/node<12.22.9
and 20 more
CVE-2021-43797
### Impact Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to...
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.13-1.el7
redhat/candlepin<0:4.1.13-1.el8
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 60 more
CVE-2021-23438
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if...
Mpath Project Mpath<0.8.4
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
CVE-2021-3749
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources...
redhat/kiali<0:v1.24.7.redhat1-1.el8
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
npm/axios<0.21.2
redhat/axios<0.21.2
Axios Axios<=0.21.1
and 4 more
CVE-2021-3733
Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-...
redhat/python3<0:3.6.8-39.el8_4
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 49 more
CVE-2021-28918
Node.js netmask module is vulnerable to server-side request forgery, caused by the improper handling of mixed-format IP addresses. By using a specially-crafted argument using octal literals, an attack...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
Netmask Project Netmask<=1.0.6
CVE-2021-29418
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access ...
npm/netmask<2.0.1
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
<2.0.1
Netmask Project Netmask<2.0.1
redhat/nodejs-netmask<2.0.1
CVE-2020-28469
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
redhat/nodejs-nodemon<0:2.0.19-1.el9_0
redhat/rh-nodejs14-nodejs-nodemon<0:2.0.3-5.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
redhat/ovirt-engine-ui-extensions<0:1.2.7-1.el8e
redhat/ovirt-web-ui<0:1.7.2-1.el8e
and 6 more
CVE-2020-4051
Dijit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Editor's LinkDialog plugin. A remote attacker could exploit this vulnerability to inject malici...
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
Openjsf Dijit<1.11.11
Openjsf Dijit>=1.12.0<1.12.9
Openjsf Dijit>=1.13.0<1.13.8
Openjsf Dijit>=1.14.0<1.14.7
and 8 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203