📦 Cognos Analytics
by IBM
⚠️ Known Vulnerabilities
IBM Cognos Analytics is vulnerable to Expression Language (EL) Injection, allowing remote attackers to execute malicious EL statements. This can lead to sensitive information disclosure, memory exhaus...
CVE-2021-38945 is a critical vulnerability in IBM Cognos Analytics that allows remote attackers to upload arbitrary files due to improper content validation. This affects IBM Cognos Analytics versions...
This vulnerability allows unauthenticated remote attackers to read and write files on IBM Cognos Analytics systems by exploiting the DQM API. It affects IBM Cognos Analytics 11.0 and 11.1 installation...
IBM Cognos Analytics 11.0 and 11.1 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read arbitrary files from the server or cause denial of service through resource ...
This vulnerability in IBM Cognos Analytics allows authenticated users to send specially crafted requests that exhaust memory resources, causing denial of service. It affects multiple versions of IBM C...
IBM Cognos Analytics is vulnerable to XML External Entity Injection (XXE), allowing attackers to read sensitive files from the server or cause denial of service through memory consumption. This affect...
IBM Cognos Analytics has a file upload vulnerability that allows attackers to upload malicious executable files through the web interface without proper content validation. This affects IBM Cognos Ana...
IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.2 have improper input validation in application logging, allowing injection attacks. This could enable attackers to manipulate log data and ...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Analytics versions 11.1.7 and 11.2.0. An attacker could trick authenticated users into performing unauthorized action...
This CSRF vulnerability in IBM Cognos Analytics allows attackers to trick authenticated users into performing unauthorized actions on the My Inbox page. It affects IBM Cognos Analytics 11.1.7 and 11.2...
IBM Cognos Analytics versions 11.1.7 and 11.2.0 have a weak default password policy that doesn't enforce strong passwords. This makes user accounts vulnerable to brute-force attacks and credential gue...
CVE-2021-29745 is a privilege escalation vulnerability in IBM Cognos Analytics where lower-level users can access the 'New Job' page, which should be restricted to higher-privileged users. This allows...
IBM Cognos Analytics 11.0 and 11.1 have a vulnerability where the New Data Server Connection page incorrectly enables autocomplete for credential fields. This allows a remote attacker to potentially e...
IBM Cognos Analytics 11.0 and 11.1 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read arbitrary files from the server or cause denial of service through resource ...
CVE-2020-4300 is an XML External Entity (XXE) vulnerability in IBM Cognos Analytics that allows remote attackers to read arbitrary files from the server or cause denial of service through resource con...
This vulnerability allows remote attackers to inject malicious HTML code into IBM Cognos Analytics. When authenticated users view the compromised content, the attacker's code executes in their browser...
IBM Cognos Analytics stores source code files on the web server that could be accessed by attackers. This vulnerability allows attackers to view sensitive source code that could reveal implementation ...
This directory traversal vulnerability in IBM Cognos Analytics allows remote attackers to read arbitrary files on the server by sending specially crafted URL requests containing '../' sequences. Affec...
IBM Cognos Analytics is vulnerable to HTML injection where attackers can inject malicious HTML that executes in victims' browsers. This affects IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-1...
This vulnerability allows a local attacker to obtain sensitive API key information from IBM Cognos Analytics and IBM Cognos Analytics Reports for iOS. Attackers could use this information to launch fu...
This CVE describes a cross-site scripting (XSS) vulnerability in IBM Cognos Analytics that allows remote attackers to execute malicious scripts in users' browsers. The vulnerability exists in the Cogn...