Filtered by vendor Ibm
Subscriptions
Filtered by product Cognos Analytics
Subscriptions
Total
83 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2024-08-02 | 4.6 Medium |
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | ||||
CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | 5.9 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | ||||
CVE-2024-25041 | 1 Ibm | 1 Cognos Analytics | 2024-08-01 | 5.4 Medium |
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780. |