All the vulnerabilities related to IBM - Cognos Analytics
cve-2024-25042
Vulnerability from cvelistv5
Published: 2024-12-18 16:20
Modified: 2024-12-18 19:34
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7173592 | vendor-advisory |
Impacted products
Vendor | Product | Version | CPE |
---|---|---|---|
IBM | Cognos Analytics | 11.2.0 ≤ 11.2.4; 12.0.0 ≤ 12.0.3 | cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* |
cve-2021-39047
Vulnerability from cvelistv5
Published: 2022-06-24 15:35
Modified: 2024-09-16 16:22
Summary
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6565099 | x_refsource_CONFIRM |
https://www.ibm.com/support/pages/node/6597241 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/214349 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220729-0002/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
cve-2019-4139
Vulnerability from cvelistv5
Published: 2019-05-29 15:10
Modified: 2024-09-16 16:18
Summary
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=ibm10883872 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/158335 | vdb-entry, x_refsource_XF |
http://www.securityfocus.com/bid/108527 | vdb-entry, x_refsource_BID |
https://security.netapp.com/advisory/ntap-20190617-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1.0, 11.1.1 |
cve-2019-4555
Vulnerability from cvelistv5
Published: 2019-12-20 16:25
Modified: 2024-09-16 23:30
Summary
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1138588 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166204 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20200103-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
cve-2020-4520
Vulnerability from cvelistv5
Published: 2021-05-31 15:10
Modified: 2024-09-17 02:52
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/182395 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
cve-2023-25929
Vulnerability from cvelistv5
Published: 2023-07-22 01:45
Modified: 2024-10-21 17:51
Summary
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1, 11.2 |
cve-2023-43051
Vulnerability from cvelistv5
Published: 2024-02-24 15:40
Modified: 2024-08-02 19:37
Summary
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267451.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1.7, 11.2.4, 12.0.0 |
cve-2019-4723
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 01:46
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/172129 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194723-info-disc (172129)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172129" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/C:H/I:N/S:U/AC:L/A:N/UI:N/AV:P/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:07:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194723-info-disc (172129)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172129" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "P", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194723-info-disc (172129)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172129" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4723", "datePublished": "2021-05-31T15:10:40.553640Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:46:36.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4301
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-17 00:06
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve20204301-csrf (176609)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176609" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/I:L/C:N/AV:N/UI:R/A:N/S:U/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve20204301-csrf (176609)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176609" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4301", "datePublished": "2022-09-01T19:00:24.592074Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:06:09.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4623
Vulnerability from cvelistv5
Published
2019-12-30 15:35
Modified
2024-09-17 00:06
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/1146424 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/168924 | vdb-entry, x_refsource_XF
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194623-xss (168924)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168924" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/AC:L/AV:N/I:L/PR:L/A:N/C:L/S:C/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-30T15:35:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194623-xss (168924)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168924" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-12-20T00:00:00", "ID": "CVE-2019-4623", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1146424", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1146424 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194623-xss (168924)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168924" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4623", "datePublished": "2019-12-30T15:35:22.225214Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:06:17.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35011
Vulnerability from cvelistv5
Published
2023-08-16 22:46
Modified
2024-10-01 18:19
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7026692" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257705" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230921-0005/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35011", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T18:13:32.887161Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T18:19:41.613Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705." } ], "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-16T22:48:38.229Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7026692" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257705" }, { "url": "https://security.netapp.com/advisory/ntap-20230921-0005/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics server-side request forgey", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-35011", "datePublished": "2023-08-16T22:46:33.755Z", "dateReserved": "2023-06-11T20:38:02.325Z", "dateUpdated": "2024-10-01T18:19:41.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1783
Vulnerability from cvelistv5
Published
2018-01-29 16:00
Modified
2024-09-17 00:20
Summary
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
References
URL | Tags
---|---
http://www.ibm.com/support/docview.wss?uid=swg22011561 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/136857 | x_refsource_MISC
http://www.securitytracker.com/id/1040299 | vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/102863 | vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040299" }, { "name": "102863", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102863" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.3" }, { "status": "affected", "version": "11.0.4" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.0.6" }, { "status": "affected", "version": "11.0.7" } ] } ], "datePublic": "2018-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040299" }, { "name": "102863", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102863" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-24T00:00:00", "ID": "CVE-2017-1783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.0.1" }, { "version_value": "11.0.2" }, { "version_value": "11.0.3" }, { "version_value": "11.0.4" }, { "version_value": "11.0.5" }, { "version_value": "11.0.6" }, { "version_value": "11.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22011561", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" }, { "name": "1040299", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040299" }, { "name": "102863", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102863" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1783", "datePublished": "2018-01-29T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T00:20:51.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4366
Vulnerability from cvelistv5
Published
2020-08-03 12:35
Modified
2024-09-16 20:06
Summary
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6252853 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/161748 | vdb-entry, x_refsource_XF
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194366-info-disc (161748)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161748" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.6, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AV:L/UI:N/A:N/I:N/S:U/C:L/AC:H/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-03T12:35:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194366-info-disc (161748)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/161748" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-30T00:00:00", "ID": "CVE-2019-4366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252853", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252853 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194366-info-disc (161748)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161748" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4366", "datePublished": "2020-08-03T12:35:36.114437Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T20:06:51.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4951
Vulnerability from cvelistv5
Published
2021-10-15 15:55
Modified
2024-09-16 18:34
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6491661 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/192027 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20211112-0005/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve20204951-info-disc (192027)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192027" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/PR:N/A:N/S:U/UI:N/AC:L/C:L/I:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-12T08:06:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve20204951-info-disc (192027)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192027" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-10-14T00:00:00", "ID": "CVE-2020-4951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6491661", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6491661 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve20204951-info-disc (192027)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192027" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4951", "datePublished": "2021-10-15T15:55:17.303053Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:34:01.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9711
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-17 00:16
Summary
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/103495 | vdb-entry, x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22014337 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/119619 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:59:03.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103495" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014337" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119619" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2018-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "103495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103495" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014337" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119619" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-19T00:00:00", "ID": "CVE-2016-9711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "103495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103495" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22014337", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22014337" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119619", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119619" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9711", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-17T00:16:43.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30614
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-17 00:57
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202230614-dos (227591)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/AV:N/AC:L/I:N/S:U/UI:N/A:H/PR:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202230614-dos (227591)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-30614", "datePublished": "2022-09-01T19:00:28.959064Z", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-09-17T00:57:07.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41752
Vulnerability from cvelistv5
Published
2024-12-18 16:07
Modified
2024-12-18 19:37
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/7177223 | vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0 ≤ 11.2.4, 12.0.0 ≤ 12.0.3; cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41752", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T19:36:51.734065Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T19:37:04.686Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.2.4", "status": "affected", "version": "11.2.0", "versionType": "semver" }, { "lessThanOrEqual": "12.0.3", "status": "affected", "version": "12.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/span\u003e" } ], "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. 
A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T16:07:14.012Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7177223" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics HTML injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-41752", "datePublished": "2024-12-18T16:07:14.012Z", "dateReserved": "2024-07-22T12:02:37.814Z", "dateUpdated": "2024-12-18T19:37:04.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29756
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 19:47
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/202167 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129756-csrf (202167)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202167" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:N/I:L/AV:N/A:N/PR:N/S:U/AC:L/UI:R/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129756-csrf (202167)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202167" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-29756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129756-csrf (202167)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202167" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29756", "datePublished": "2021-12-03T17:00:28.506976Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T19:47:16.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38708
Vulnerability from cvelistv5
Published
2022-12-19 20:12
Modified
2024-08-03 11:02
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6841801 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/234180 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.1.7 11.2.0, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234180" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.\u003c/span\u003e\n\n" } ], "value": "\nIBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. 
IBM X-Force ID: 234180.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T20:12:17.865Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234180" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics server-side request forgery", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-38708", "datePublished": "2022-12-19T20:12:17.865Z", "dateReserved": "2022-08-23T16:35:16.509Z", "dateUpdated": "2024-08-03T11:02:14.466Z", "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39160
Vulnerability from cvelistv5
Published
2022-12-19 20:57
Modified
2024-08-03 11:10
Summary
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6841801 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/235064 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235064" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.\u003c/span\u003e\n\n" } ], "value": "\nIBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 235064.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T20:57:35.505Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235064" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-39160", "datePublished": "2022-12-19T20:57:35.505Z", "dateReserved": "2022-09-01T20:20:58.937Z", "dateUpdated": "2024-08-03T11:10:32.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32344
Vulnerability from cvelistv5
Published
2024-02-24 15:29
Modified
2024-08-02 15:10
Summary
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | e
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-32344", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T17:42:02.722942Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:00.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255898" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240405-0002/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "e" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898." } ], "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-24T15:29:33.526Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255898" }, { "url": "https://security.netapp.com/advisory/ntap-20240405-0002/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site request forgery", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32344", "datePublished": "2024-02-24T15:29:33.526Z", "dateReserved": "2023-05-08T18:32:52.655Z", "dateUpdated": "2024-08-02T15:10:24.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39009
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-17 04:10
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202139009-info-disc (213554)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.9, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/AV:L/AC:L/I:N/S:U/A:N/UI:N/PR:H/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202139009-info-disc (213554)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39009", "datePublished": "2022-09-01T19:00:27.281805Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T04:10:04.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29824
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/204468 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202129824-info-disc (204468)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204468" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the \u0027Data Connections\u0027 page to which they don\u0027t have access. IBM X-Force ID: 204468." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.7, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/I:N/A:N/UI:N/C:L/S:U/AC:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202129824-info-disc (204468)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204468" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-29824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the \u0027Data Connections\u0027 page to which they don\u0027t have access. IBM X-Force ID: 204468." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202129824-info-disc (204468)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204468" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29824", "datePublished": "2022-04-22T16:30:31.057868Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T02:01:11.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20493
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/197794 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120493-xss (197794)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/S:C/AC:L/A:N/PR:N/I:L/AV:N/C:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120493-xss (197794)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-20493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 197794." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120493-xss (197794)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197794" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20493", "datePublished": "2021-12-03T17:00:24.294064Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T23:46:52.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20470
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/196939 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120470-info-disc (196939)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196939" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/AC:H/I:N/AV:N/A:N/PR:N/C:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120470-info-disc (196939)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196939" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-20470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202120470-info-disc (196939)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196939" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20470", "datePublished": "2021-12-03T17:00:22.867476Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T03:17:46.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4334
Vulnerability from cvelistv5
Published
2019-11-09 01:41
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1074144 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/161271 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194334-info-disc (161271)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/A:N/S:U/AC:L/AV:N/PR:L/UI:N/I:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-09T01:41:07", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194334-info-disc (161271)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/161271" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-11-05T00:00:00", "ID": "CVE-2019-4334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1074144", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1074144 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194334-info-disc (161271)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4334", "datePublished": "2019-11-09T01:41:07.261819Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:10:34.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4231
Vulnerability from cvelistv5
Published
2019-12-20 16:25
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1138588 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/159356 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20200103-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1138588" }, { "name": "ibm-cognos-cve20194231-csrf (159356)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200103-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/AV:N/PR:N/I:L/C:N/S:U/UI:R/A:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-03T10:06:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1138588" }, { "name": "ibm-cognos-cve20194231-csrf (159356)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200103-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-12-19T00:00:00", "ID": "CVE-2019-4231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1138588", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1138588 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1138588" }, { "name": "ibm-cognos-cve20194231-csrf (159356)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159356" }, { "name": "https://security.netapp.com/advisory/ntap-20200103-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200103-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4231", "datePublished": "2019-12-20T16:25:25.056264Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:24:14.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43883
Vulnerability from cvelistv5
Published
2022-12-19 20:47
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6841801 | vendor-advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/240266 | vdb-entry |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240266" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.\u003c/span\u003e\n\n" } ], "value": "\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. 
IBM X-Force ID: 240266.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "117 Improper Output Neutralization for Logs", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T20:47:46.352Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240266" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics data manipulation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43883", "datePublished": "2022-12-19T20:47:46.352Z", "dateReserved": "2022-10-26T15:46:22.831Z", "dateUpdated": "2024-08-03T13:40:06.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4377
Vulnerability from cvelistv5
Published
2020-08-03 12:35
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6252853 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179156 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20204377-xxe (179156)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/AC:L/PR:N/AV:N/I:N/S:U/UI:N/A:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-03T12:35:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20204377-xxe (179156)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-30T00:00:00", "ID": "CVE-2020-4377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252853", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252853 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20204377-xxe (179156)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179156" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4377", "datePublished": "2020-08-03T12:35:37.675063Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:02:41.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29679
Vulnerability from cvelistv5
Published
2021-10-15 15:55
Modified
2024-09-17 01:21
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6491661 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199915 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20211112-0005/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129679-code-exec (199915)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/S:U/A:H/UI:N/I:H/AC:L/C:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-12T08:06:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129679-code-exec (199915)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-10-14T00:00:00", "ID": "CVE-2021-29679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6491661", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6491661 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129679-code-exec (199915)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199915" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29679", "datePublished": "2021-10-15T15:55:18.978232Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T01:21:01.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4729
Vulnerability from cvelistv5
Published
2020-04-27 13:25
Modified
2024-09-16 22:08
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6193425 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172519 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20200504-0002/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6193425" }, { "name": "ibm-cognos-cve20194729-info-disc (172519)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172519" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200504-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/I:N/AC:L/A:N/PR:L/UI:N/AV:N/C:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-04T08:06:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6193425" }, { "name": "ibm-cognos-cve20194729-info-disc (172519)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172519" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200504-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-24T00:00:00", "ID": "CVE-2019-4729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6193425", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6193425 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6193425" }, { "name": "ibm-cognos-cve20194729-info-disc (172519)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172519" }, { "name": "https://security.netapp.com/advisory/ntap-20200504-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200504-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4729", "datePublished": "2020-04-27T13:25:16.506390Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:08:47.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40703
Vulnerability from cvelistv5
Published
2024-09-22 12:20
Modified
2024-09-22 15:27
Summary
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7160700 | vendor-advisory |
https://www.ibm.com/support/pages/node/7168038 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | Version: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3 cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:ios:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40703", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-22T15:27:21.725190Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-22T15:27:30.186Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:ios:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3" } ] }, { "defaultStatus": "unaffected", "platforms": [ "iOS" ], "product": "Cognos Analytics Reports", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0.0.7" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications." 
} ], "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-22T12:20:28.223Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7160700" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7168038" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-40703", "datePublished": "2024-09-22T12:20:28.223Z", "dateReserved": "2024-07-08T19:31:12.238Z", "dateUpdated": "2024-09-22T15:27:30.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1427
Vulnerability from cvelistv5
Published
2017-08-29 21:00
Modified
2024-09-16 17:44
Summary
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22007242 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/127579 | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-25T00:00:00", "ID": "CVE-2017-1427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1427", "datePublished": "2017-08-29T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:44:00.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34357
Vulnerability from cvelistv5
Published
2024-02-24 15:38
Modified
2024-08-03 09:07
Summary
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting. By making unlimited HTTP requests, a single user can exhaust server resources over a period of time, making the service unavailable to other legitimate users. IBM X-Force ID: 230510.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1.7, 11.2.4, 12.0.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-34357", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T17:23:35.934602Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:57.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T09:07:16.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230510" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240405-0001/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.4, 12.0.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510." } ], "value": "IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. 
By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-24T15:38:49.771Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230510" }, { "url": "https://security.netapp.com/advisory/ntap-20240405-0001/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics Mobile Server denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-34357", "datePublished": "2024-02-24T15:38:49.771Z", "dateReserved": "2022-06-23T13:42:39.341Z", "dateUpdated": "2024-08-03T09:07:16.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38946
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 20:42
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/211240 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138946-xss (211240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/PR:L/I:L/A:N/UI:R/C:L/AC:L/S:C/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138946-xss (211240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-38946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138946-xss (211240)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211240" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38946", "datePublished": "2022-04-22T16:30:38.614752Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T20:42:18.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1721
Vulnerability from cvelistv5
Published
2019-11-09 01:41
Modified
2024-09-16 19:55
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1074144 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/147369 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20181721-xxe (147369)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.2, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/AV:N/AC:L/C:H/A:L/I:H/UI:N/PR:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-09T01:41:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20181721-xxe (147369)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-11-05T00:00:00", "ID": "CVE-2018-1721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1074144", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1074144 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20181721-xxe (147369)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1721", "datePublished": "2019-11-09T01:41:06.797474Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:55:39.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38904
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 23:01
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209693 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138904-info-disc (209693)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209693" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings. IBM X-Force ID: 209693." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:P/PR:N/UI:N/A:N/S:U/AC:L/C:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138904-info-disc (209693)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209693" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-38904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings. IBM X-Force ID: 209693." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "P", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138904-info-disc (209693)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209693" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38904", "datePublished": "2022-04-22T16:30:35.618488Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T23:01:48.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4722
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 01:51
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172128 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194722-info-disc (172128)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172128" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/UI:N/PR:L/C:L/I:N/S:U/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:06:58", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194722-info-disc (172128)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172128" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4722", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194722-info-disc (172128)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172128" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4722", "datePublished": "2021-05-31T15:10:39.811632Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:51:55.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25047
Vulnerability from cvelistv5
Published
2024-05-02 20:09
Modified
2024-08-01 23:36
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cognos_analytics", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.2.0 \u003c= 11.2.4, 12.0.0 \u003c= 12.0.2" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-25047", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T16:08:03.801871Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:35:50.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7149874" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956." 
} ], "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-02T20:09:21.479Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7149874" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics log injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25047", "datePublished": "2024-05-02T20:09:21.479Z", "dateReserved": "2024-02-03T14:49:33.094Z", "dateUpdated": "2024-08-01T23:36:21.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1784
Vulnerability from cvelistv5
Published
2018-01-29 16:00
Modified
2024-09-16 17:04
Summary
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22011561 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/136858 | x_refsource_MISC |
http://www.securitytracker.com/id/1040299 | vdb-entry, x_refsource_SECTRACK |
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040299" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.3" }, { "status": "affected", "version": "11.0.4" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.0.6" }, { "status": "affected", "version": "11.0.7" } ] } ], "datePublic": "2018-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040299" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-24T00:00:00", "ID": "CVE-2017-1784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.0.1" }, { "version_value": "11.0.2" }, { "version_value": "11.0.3" }, { "version_value": "11.0.4" }, { "version_value": "11.0.5" }, { "version_value": "11.0.6" }, { "version_value": "11.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22011561", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858" }, { "name": "1040299", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040299" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1784", "datePublished": "2018-01-29T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:04:03.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4302
Vulnerability from cvelistv5
Published
2020-10-12 13:20
Modified
2024-09-17 01:51
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6346922 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/176610 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204302-code-exec (176610)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176610" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/I:L/S:U/C:L/A:L/PR:L/AV:N/AC:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:20:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204302-code-exec (176610)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176610" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-09T00:00:00", "ID": "CVE-2020-4302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346922", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346922 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204302-code-exec (176610)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176610" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4302", "datePublished": "2020-10-12T13:20:28.623898Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T01:51:19.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20464
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 20:32
Summary
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/196813 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202120464-dos (196813)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196813" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/AC:L/S:U/A:H/UI:N/AV:N/PR:L/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202120464-dos (196813)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196813" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-20464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202120464-dos (196813)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196813" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20464", "datePublished": "2022-04-22T16:30:29.386454Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T20:32:28.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4342
Vulnerability from cvelistv5
Published
2019-09-17 19:05
Modified
2024-09-17 01:12
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/1073530 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/161421 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20191009-0001/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194342-xss (161421)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161421" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/S:C/I:L/PR:L/C:L/UI:R/A:N/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194342-xss (161421)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161421" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-13T00:00:00", "ID": "CVE-2019-4342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 161421." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1073530", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1073530 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194342-xss (161421)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161421" }, { "name": "https://security.netapp.com/advisory/ntap-20191009-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4342", "datePublished": "2019-09-17T19:05:24.031339Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:12:20.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1535
Vulnerability from cvelistv5
Published
2017-08-29 21:00
Modified
2024-09-17 00:46
Summary
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/130677 | x_refsource_MISC
http://www.securityfocus.com/bid/100834 | vdb-entry, x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22007242 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677" }, { "name": "100834", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100834" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-16T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677" }, { "name": "100834", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100834" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-25T00:00:00", "ID": "CVE-2017-1535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677" }, { "name": "100834", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100834" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1535", "datePublished": "2017-08-29T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T00:46:44.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20468
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-16 16:48
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202120468-csrf (196825)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196825" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/I:L/AV:N/C:N/A:N/UI:R/S:U/PR:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202120468-csrf (196825)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196825" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20468", "datePublished": "2022-09-01T19:00:25.473635Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T16:48:06.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29719
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 22:30
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client-side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/201091 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129719-info-disc (201091)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. 
IBM X-Force ID: 201091" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/AV:N/I:N/PR:N/A:N/AC:L/S:U/UI:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129719-info-disc (201091)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-29719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. 
IBM X-Force ID: 201091" } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129719-info-disc (201091)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201091" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29719", "datePublished": "2021-12-03T17:00:27.135870Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T22:30:03.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1842
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 17:48
Summary
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/150902 | vdb-entry, x_refsource_XF
https://www.ibm.com/support/docview.wss?uid=ibm10738249 | x_refsource_CONFIRM
http://www.securitytracker.com/id/1042031 | vdb-entry, x_refsource_SECTRACK
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-cognos-cve20181842-auth-bypass(150902)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738249" }, { "name": "1042031", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042031" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:L/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-cognos-cve20181842-auth-bypass(150902)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738249" }, { "name": "1042031", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042031" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will 
bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-cognos-cve20181842-auth-bypass(150902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150902" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10738249", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10738249" }, { "name": "1042031", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042031" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1842", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T17:48:44.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1485
Vulnerability from cvelistv5
Published
2017-08-29 21:00
Modified
2024-09-16 23:55
Summary
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.
References
URL | Tags
---|---
http://www.ibm.com/support/docview.wss?uid=swg22007242 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/128623 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-29T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-25T00:00:00", "ID": "CVE-2017-1485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 is vulnerable to 
cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1485", "datePublished": "2017-08-29T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T23:55:34.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38945
Vulnerability from cvelistv5
Published
2022-06-24 15:35
Modified
2024-09-17 01:51
Summary
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6597241 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/211238 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20220729-0002/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202138945-file-upload (211238)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:H/PR:L/UI:R/AC:L/A:N/S:U/C:L/AV:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T19:06:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202138945-file-upload (211238)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-22T00:00:00", "ID": "CVE-2021-38945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "H", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6597241", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6597241 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202138945-file-upload (211238)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211238" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38945", "datePublished": "2022-06-24T15:35:24.596054Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T01:51:36.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4724
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 00:16
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172130 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0; 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194724-info-disc (172130)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172130" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:P/UI:N/I:N/S:U/PR:N/C:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:07:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194724-info-disc (172130)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172130" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user\u0027s browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "P", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194724-info-disc (172130)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172130" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4724", "datePublished": "2021-05-31T15:10:41.229984Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:16:18.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29867
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 23:00
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/206212 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0; 11.1.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129867-priv-escalation (206212)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:L/S:U/PR:L/A:N/AV:N/I:L/C:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129867-priv-escalation (206212)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-29867", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129867-priv-escalation (206212)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206212" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29867", "datePublished": "2021-12-03T17:00:30.001686Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T23:00:57.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20461
Vulnerability from cvelistv5
Published
2021-06-30 13:25
Modified
2024-09-16 22:30
Summary
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6466729 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/196770 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20210720-0007/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0; 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466729" }, { "name": "ibm-cognos-cve202120461-gain-access (196770)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/C:N/A:N/I:L/AC:L/PR:L/UI:N/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:06:48", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466729" }, { "name": "ibm-cognos-cve202120461-gain-access (196770)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0007/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-29T00:00:00", "ID": "CVE-2021-20461", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466729", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466729 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6466729" }, { "name": "ibm-cognos-cve202120461-gain-access (196770)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196770" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20461", "datePublished": "2021-06-30T13:25:12.039304Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:30:55.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39036
Vulnerability from cvelistv5
Published
2023-05-12 00:49
Modified
2024-08-04 01:58
Summary
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1, 11.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://https://www.ibm.com/support/pages/node/6986505" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213966" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230622-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966." } ], "value": "IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T00:49:10.920Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://https://www.ibm.com/support/pages/node/6986505" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213966" }, { "url": "https://security.netapp.com/advisory/ntap-20230622-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39036", "datePublished": "2023-05-12T00:49:10.920Z", "dateReserved": "2021-08-16T18:59:46.267Z", "dateUpdated": "2024-08-04T01:58:17.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38359
Vulnerability from cvelistv5
Published
2024-02-24 15:27
Modified
2024-08-02 17:39
Summary
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | e |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cognos_analytics", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.4" }, { "status": "affected", "version": "12.0.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-38359", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T19:24:11.612613Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T17:52:13.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260744" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240405-0003/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "e" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744." 
} ], "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-24T15:27:07.898Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260744" }, { "url": "https://security.netapp.com/advisory/ntap-20240405-0003/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38359", "datePublished": "2024-02-24T15:27:07.898Z", "dateReserved": "2023-07-16T00:53:13.213Z", "dateUpdated": "2024-08-02T17:39:12.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1413
Vulnerability from cvelistv5
Published
2018-05-07 13:00
Modified
2024-09-17 03:34
Summary
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1040889 | vdb-entry, x_refsource_SECTRACK |
http://www.ibm.com/support/docview.wss?uid=swg22016039 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/138819 | vdb-entry, x_refsource_XF |
http://www.securityfocus.com/bid/104117 | vdb-entry, x_refsource_BID |
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040889", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040889" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016039" }, { "name": "ibm-cognos-cve20181413-xss(138819)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138819" }, { "name": "104117", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2018-05-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1040889", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040889" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016039" }, { "name": "ibm-cognos-cve20181413-xss(138819)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138819" }, { "name": "104117", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-04T00:00:00", "ID": "CVE-2018-1413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "1040889", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040889" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016039", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016039" }, { "name": "ibm-cognos-cve20181413-xss(138819)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138819" }, { "name": "104117", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104117" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1413", "datePublished": "2018-05-07T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:34:26.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30996
Vulnerability from cvelistv5
Published
2024-02-24 15:35
Modified
2024-08-02 14:45
Summary
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1.7, 11.2.4, 12.0.0 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "cognos_analytics", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.4" }, { "status": "affected", "version": "12.0.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-30996", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T22:30:05.240318Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T22:32:20.693Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:24.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254290" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240405-0004/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.4, 12.0.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of 
different origins. IBM X-Force ID: 254290." } ], "value": "IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-24T15:35:48.371Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7123154" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254290" }, { "url": "https://security.netapp.com/advisory/ntap-20240405-0004/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-origin resource sharing", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30996", "datePublished": "2024-02-24T15:35:48.371Z", "dateReserved": "2023-04-21T17:49:51.826Z", "dateUpdated": "2024-08-02T14:45:24.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4589
Vulnerability from cvelistv5
Published
2020-08-03 12:35
Modified
2024-09-17 03:42
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6252853 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/167449 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194589-priv-esc (167449)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the \"My schedules and subscriptions\" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/AV:N/I:L/S:U/A:N/UI:R/C:L/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-03T12:35:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194589-priv-esc (167449)", "tags": [ "vdb-entry", "x_refsource_XF" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167449" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-30T00:00:00", "ID": "CVE-2019-4589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the \"My schedules and subscriptions\" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6252853", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6252853 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6252853" }, { "name": "ibm-cognos-cve20194589-priv-esc (167449)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167449" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4589", "datePublished": "2020-08-03T12:35:36.526796Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:42:51.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4343
Vulnerability from cvelistv5
Published
2019-12-30 15:35
Modified
2024-09-16 22:51
Summary
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1146424 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/161422 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20200110-0002/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194343-cors (161422)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161422" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200110-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/I:N/S:U/A:N/C:H/UI:N/AC:L/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-10T10:06:03", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194343-cors (161422)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161422" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200110-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-12-20T00:00:00", "ID": "CVE-2019-4343", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1146424", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1146424 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1146424" }, { "name": "ibm-cognos-cve20194343-cors (161422)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161422" }, { "name": "https://security.netapp.com/advisory/ntap-20200110-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200110-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4343", "datePublished": "2019-12-30T15:35:21.805422Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:51:53.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1428
Vulnerability from cvelistv5
Published
2017-08-29 21:00
Modified
2024-09-17 01:10
Summary
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/127583 | x_refsource_MISC |
http://www.ibm.com/support/docview.wss?uid=swg22007242 | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:30.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127583" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127583" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-25T00:00:00", "ID": "CVE-2017-1428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127583", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127583" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1428", "datePublished": "2017-08-29T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T01:10:34.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38903
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 19:57
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209691 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138903-xss (209691)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209691" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 209691." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/S:C/C:L/UI:R/A:N/I:L/PR:L/AV:N/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138903-xss (209691)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209691" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-38903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. 
A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 209691." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138903-xss (209691)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209691" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38903", "datePublished": "2022-04-22T16:30:34.144090Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T19:57:25.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4178
Vulnerability from cvelistv5
Published
2019-04-15 14:55
Modified
2024-09-17 03:28
Summary
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=ibm10879079 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/158919 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20190509-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:36.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879079" }, { "name": "ibm-cognos-cve20194178-path-traversal (158919)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158919" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190509-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11" } ] } ], "datePublic": "2019-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/C:L/UI:N/AC:H/PR:L/A:L/S:U/AV:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-09T10:06:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879079" }, { "name": "ibm-cognos-cve20194178-path-traversal (158919)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158919" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190509-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-10T00:00:00", "ID": "CVE-2019-4178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "H", "AV": "N", "C": "L", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879079", "refsource": "CONFIRM", "title": "IBM Security Bulletin 879079 (Cognos Analytics)", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879079" }, { "name": "ibm-cognos-cve20194178-path-traversal (158919)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158919" }, { "name": "https://security.netapp.com/advisory/ntap-20190509-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4178", "datePublished": "2019-04-15T14:55:26.577900Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:28:45.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38905
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 22:50
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209697 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138905-info-disc (209697)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209697" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:N/PR:L/S:U/AC:L/C:L/UI:N/A:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138905-info-disc (209697)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209697" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-38905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138905-info-disc (209697)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209697" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38905", "datePublished": "2022-04-22T16:30:37.161093Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T22:50:31.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29768
Vulnerability from cvelistv5
Published
2022-06-24 15:35
Modified
2024-09-16 23:56
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6597241 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/202682 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20220729-0002/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202129768-info-disc (202682)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202682" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the \u0027Cloud Storage\u0027 page for which they should not have access. IBM X-Force ID: 202682." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/I:N/UI:N/AC:L/A:N/S:U/C:L/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T19:06:53", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202129768-info-disc (202682)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202682" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-22T00:00:00", "ID": "CVE-2021-29768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the \u0027Cloud Storage\u0027 page for which they should not have access. IBM X-Force ID: 202682." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6597241", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6597241 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6597241" }, { "name": "ibm-cognos-cve202129768-info-disc (202682)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202682" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29768", "datePublished": "2022-06-24T15:35:22.929192Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T23:56:04.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29745
Vulnerability from cvelistv5
Published
2021-10-15 15:55
Modified
2024-09-16 16:58
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access. IBM X-Force ID: 201695.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6491661 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/201695 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20211112-0005/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129745-priv-escalation (201695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the \u0027New Job\u0027 page to which they should not have access to. IBM X-Force ID: 201695." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/S:U/A:N/UI:N/I:L/C:L/AC:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-12T08:06:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129745-priv-escalation (201695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-10-14T00:00:00", "ID": "CVE-2021-29745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the \u0027New Job\u0027 page to which they should not have access to. IBM X-Force ID: 201695." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6491661", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6491661 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6491661" }, { "name": "ibm-cognos-cve202129745-priv-escalation (201695)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201695" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211112-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29745", "datePublished": "2021-10-15T15:55:20.522534Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T16:58:01.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35009
Vulnerability from cvelistv5
Published
2023-08-16 22:44
Modified
2024-10-07 18:04
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7026692" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257703" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230831-0014/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0005/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oncommand_insight", "vendor": "netapp", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "cognos_analytics", "vendor": "ibm", "versions": [ { "lessThan": "11.1.7_interim_fix_10", "status": "affected", "version": "11.1.7", "versionType": "custom" }, { "lessThan": "11.2.4_fix_pack_2", "status": "affected", "version": "11.2.0", "versionType": "custom" }, { "lessThan": "12.0.1", "status": "affected", "version": "11.2.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35009", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T17:57:49.223615Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T18:04:48.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": 
"unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703." } ], "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-16T22:44:27.127Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7026692" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257703" }, { "url": "https://security.netapp.com/advisory/ntap-20230831-0014/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics information disclosure", 
"x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-35009", "datePublished": "2023-08-16T22:44:27.127Z", "dateReserved": "2023-06-11T20:38:02.325Z", "dateUpdated": "2024-10-07T18:04:48.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4183
Vulnerability from cvelistv5
Published
2019-09-17 19:05
Modified
2024-09-16 23:15
Summary
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1073530 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/158973 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20191009-0001/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194183-dos (158973)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/S:U/PR:N/I:N/C:N/UI:N/A:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194183-dos (158973)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158973" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-13T00:00:00", "ID": "CVE-2019-4183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1073530", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1073530 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1073530" }, { "name": "ibm-cognos-cve20194183-dos (158973)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158973" }, { "name": "https://security.netapp.com/advisory/ntap-20191009-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191009-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4183", "datePublished": "2019-09-17T19:05:23.824858Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:15:50.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40695
Vulnerability from cvelistv5
Published
2024-12-20 13:41
Modified
2024-12-20 15:42
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7179496 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0 ≤ 11.2.4, 12.0.0 ≤ 12.0.4; cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40695", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T15:41:48.274181Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T15:42:12.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.2.4", "status": "affected", "version": "11.2.0", "versionType": "semver" }, { "lessThanOrEqual": "12.0.4", "status": "affected", "version": "12.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. 
Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\n\n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-20T13:41:00.327Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7179496" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics file upload", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-40695", "datePublished": "2024-12-20T13:41:00.327Z", "dateReserved": "2024-07-08T19:31:03.052Z", "dateUpdated": "2024-12-20T15:42:12.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4653
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/170964 | vdb-entry, x_refsource_XF |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194653-xss (170964)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170964" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/AV:N/AC:L/A:N/S:C/I:L/C:L/PR:L/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:06:50", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194653-xss (170964)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170964" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4653", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 170964." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194653-xss (170964)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170964" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4653", "datePublished": "2021-05-31T15:10:39.100534Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:28:02.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29823
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202129823-csrf (204465)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204465" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:L/AC:L/AV:N/C:N/PR:N/A:N/UI:R/S:U/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202129823-csrf (204465)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204465" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29823", "datePublished": "2022-09-01T19:00:26.421581Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T23:00:38.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1779
Vulnerability from cvelistv5
Published
2018-01-29 16:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22011561 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/136824 | x_refsource_MISC |
http://www.securityfocus.com/bid/102858 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1040299 | vdb-entry, x_refsource_SECTRACK |
https://security.netapp.com/advisory/ntap-20190401-0003/ | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190329-0003/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824" }, { "name": "102858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102858" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040299" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.3" }, { "status": "affected", "version": "11.0.4" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.0.6" }, { "status": "affected", "version": "11.0.7" } ] } ], "datePublic": "2018-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T07:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824" }, { "name": "102858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102858" }, { "name": "1040299", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040299" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-24T00:00:00", "ID": "CVE-2017-1779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.0.1" }, { "version_value": "11.0.2" }, { "version_value": "11.0.3" }, { "version_value": "11.0.4" }, { "version_value": "11.0.5" }, { "version_value": "11.0.6" }, { "version_value": "11.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22011561", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22011561" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824" }, { "name": "102858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102858" }, { "name": "1040299", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040299" }, { "name": "https://security.netapp.com/advisory/ntap-20190401-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0003/" }, { "name": "https://security.netapp.com/advisory/ntap-20190329-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1779", "datePublished": "2018-01-29T16:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T03:53:55.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43887
Vulnerability from cvelistv5
Published
2022-12-19 20:27
Modified
2024-08-03 13:40
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6841801 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.7, 11.2.0, 11.2.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.\u003c/span\u003e\n\n" } ], "value": "\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. 
IBM X-Force ID: 240450.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T20:27:09.027Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6841801" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43887", "datePublished": "2022-12-19T20:27:09.027Z", "dateReserved": "2022-10-26T15:46:22.832Z", "dateUpdated": "2024-08-03T13:40:06.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4300
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 00:20
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/176607 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204300-xxe (176607)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176607" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/UI:N/A:L/AC:L/C:H/PR:N/S:U/I:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:06:56", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204300-xxe (176607)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176607" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2020-4300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204300-xxe (176607)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176607" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4300", "datePublished": "2021-05-31T15:10:42.550659Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:20:47.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4471
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 02:11
Summary
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/163780 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.0, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194471-info-disc (163780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163780" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/C:H/I:N/S:U/AC:H/A:N/UI:N/AV:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:06:54", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194471-info-disc (163780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163780" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. 
IBM X-Force ID: 163780." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194471-info-disc (163780)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163780" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4471", "datePublished": "2021-05-31T15:10:38.437107Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:11:48.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28530
Vulnerability from cvelistv5
Published
2023-07-22 01:47
Modified
2024-10-21 17:51
Summary
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.1, 11.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7012621" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251214" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230814-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28530", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T17:46:59.247476Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T17:51:25.032Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim\u0027s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 251214." } ], "value": "IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. 
A remote attacker could exploit this vulnerability to execute scripts in a victim\u0027s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 251214." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-22T01:47:06.552Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7012621" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251214" }, { "url": "https://security.netapp.com/advisory/ntap-20230814-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28530", "datePublished": "2023-07-22T01:47:06.552Z", "dateReserved": "2023-03-16T21:05:56.576Z", "dateUpdated": "2024-10-21T17:51:25.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38909
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 18:28
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/209706 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202138909-xss (209706)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:L/AV:N/A:N/PR:L/C:L/UI:R/S:C/AC:L/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202138909-xss (209706)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-38909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 209706." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202138909-xss (209706)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209706" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38909", "datePublished": "2021-12-03T17:00:31.456970Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T18:28:16.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38886
Vulnerability from cvelistv5
Published
2022-04-22 16:30
Modified
2024-09-16 16:23
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6570957 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/209399 | vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20220602-0003/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138886-csrf (209399)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209399" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/PR:N/I:L/A:N/UI:R/C:N/S:U/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-02T19:06:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138886-csrf (209399)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209399" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2021-38886", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" }, { "version_value": "11.2.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570957", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570957 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6570957" }, { "name": "ibm-cognos-cve202138886-csrf (209399)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209399" }, { "name": "https://security.netapp.com/advisory/ntap-20220602-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220602-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38886", "datePublished": "2022-04-22T16:30:32.670783Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T16:23:02.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29716
Vulnerability from cvelistv5
Published
2021-12-03 17:00
Modified
2024-09-16 23:51
Summary
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6520510 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/201087 | vdb-entry, x_refsource_XF | |
https://security.netapp.com/advisory/ntap-20211223-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.2.0 Version: 11.1.7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:01.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129716-access-control (201087)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201087" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" } ] } ], "datePublic": "2021-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.4, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/I:L/PR:H/A:N/C:N/UI:N/AC:L/S:U/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-23T12:06:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129716-access-control (201087)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201087" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-02T00:00:00", "ID": "CVE-2021-29716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.2.0" }, { "version_value": "11.1.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6520510", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6520510 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6520510" }, { "name": "ibm-cognos-cve202129716-access-control (201087)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201087" }, { "name": "https://security.netapp.com/advisory/ntap-20211223-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211223-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29716", "datePublished": "2021-12-03T17:00:25.778137Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T23:51:34.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4354
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 02:31
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178506 | vdb-entry, x_refsource_XF | |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.0 Version: 11.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204354-xss (178506)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178506" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:L/S:C/PR:L/C:L/A:N/AC:L/AV:N/UI:R/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:07:04", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204354-xss (178506)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178506" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2020-4354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 178506." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204354-xss (178506)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178506" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4354", "datePublished": "2021-05-31T15:10:43.266003Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:31:15.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51466
Vulnerability from cvelistv5
Published
2024-12-20 13:38
Modified
2024-12-20 15:43
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.2.0 ≤ 11.2.4 Version: 12.0.0 ≤ 12.0.4 cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51466", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T15:43:09.716633Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T15:43:29.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.2.4", "status": "affected", "version": "11.2.0", "versionType": "semver" }, { "lessThanOrEqual": "12.0.4", "status": "affected", "version": "12.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. 
A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.\u003c/span\u003e" } ], "value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\nis vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-917", "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-20T13:38:55.895Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7179496" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics expression language injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51466", "datePublished": "2024-12-20T13:38:55.895Z", "dateReserved": "2024-10-28T10:50:10.475Z", "dateUpdated": "2024-12-20T15:43:29.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4561
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-17 03:39
Summary
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/183903 | vdb-entry, x_refsource_XF | |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.0 Version: 11.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204561-command-exec (183903)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 8.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/C:H/I:H/S:C/AC:L/A:H/UI:N/AV:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:06:52", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204561-command-exec (183903)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2020-4561", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20204561-command-exec (183903)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183903" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4561", "datePublished": "2021-05-31T15:10:44.659014Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:39:02.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4730
Vulnerability from cvelistv5
Published
2021-05-31 15:10
Modified
2024-09-16 22:20
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6451705 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172533 | vdb-entry, x_refsource_XF | |
https://security.netapp.com/advisory/ntap-20210622-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.0 Version: 11.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194730-xxe (172533)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172533" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/I:N/C:H/PR:L/UI:N/AV:N/AC:L/A:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T08:07:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194730-xxe (172533)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172533" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2019-4730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6451705", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6451705 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6451705" }, { "name": "ibm-cognos-cve20194730-xxe (172533)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172533" }, { "name": "https://security.netapp.com/advisory/ntap-20210622-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210622-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4730", "datePublished": "2021-05-31T15:10:41.894068Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:20:06.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25053
Vulnerability from cvelistv5
Published
2024-06-28 18:53
Modified
2024-08-01 23:36
Summary
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7156941 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/283364 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cognos Analytics |
Version: 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2 cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-01T20:57:31.396477Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-01T20:57:36.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7156941" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. 
This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364." } ], "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T18:53:48.828Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156941" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283364" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics improper certificate validation", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25053", "datePublished": "2024-06-28T18:53:48.828Z", "dateReserved": "2024-02-03T14:49:42.764Z", "dateUpdated": "2024-08-01T23:36:21.373Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4645
Vulnerability from cvelistv5
Published
2019-11-09 01:41
Modified
2024-09-17 04:29
Summary
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/1074144 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/170881 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194645-xss (170881)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/A:N/S:C/AC:L/AV:N/I:L/PR:N/UI:R/RC:C/RL:O/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-09T01:41:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194645-xss (170881)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-11-05T00:00:00", "ID": "CVE-2019-4645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1074144", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1074144 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/1074144" }, { "name": "ibm-cognos-cve20194645-xss (170881)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4645", "datePublished": "2019-11-09T01:41:11.637386Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:29:10.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4388
Vulnerability from cvelistv5
Published
2020-10-12 13:20
Modified
2024-09-17 00:06
Summary
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6346922 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179270 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.0, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204388-dos (179270)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179270" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2020-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/A:L/S:U/UI:N/I:N/AV:N/AC:L/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:20:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204388-dos (179270)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179270" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-09T00:00:00", "ID": "CVE-2020-4388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cognos Analytics", "version": { "version_data": [ { "version_value": "11.0" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346922", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346922 (Cognos Analytics)", "url": "https://www.ibm.com/support/pages/node/6346922" }, { "name": "ibm-cognos-cve20204388-dos (179270)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179270" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4388", "datePublished": "2020-10-12T13:20:29.066763Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:06:21.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45082
Vulnerability from cvelistv5
Published
2024-12-18 16:15
Modified
2024-12-18 19:36
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7177223 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0 ≤ 11.2.4, 12.0.0 ≤ 12.0.3; cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45082", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T19:35:56.748146Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T19:36:15.079Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.2.4", "status": "affected", "version": "11.2.0", "versionType": "semver" }, { "lessThanOrEqual": "12.0.3", "status": "affected", "version": "12.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics\u003c/span\u003e\u0026nbsp;11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to conduct phishing attacks, using an open redirect attack. 
By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T16:15:12.666Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7177223" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics HTTP open redirection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-45082", "datePublished": "2024-12-18T16:15:12.666Z", "dateReserved": "2024-08-21T19:11:05.063Z", "dateUpdated": "2024-12-18T19:36:15.079Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36773
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-16 19:40
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:28.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202236773-xxe (233571)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/I:N/AV:N/C:H/A:L/UI:N/S:U/PR:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202236773-xxe (233571)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-36773", "datePublished": "2022-09-01T19:00:29.851093Z", "dateReserved": "2022-07-26T00:00:00", "dateUpdated": "2024-09-16T19:40:32.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25041
Vulnerability from cvelistv5
Published
2024-06-28 18:55
Modified
2024-08-01 23:36
Summary
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7156941 | vendor-advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/282780 | vdb-entry |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2; cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T20:06:54.969875Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T20:07:03.127Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7156941" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780." 
} ], "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T18:55:55.233Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156941" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282780" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Cognos Analytics cross-site scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25041", "datePublished": "2024-06-28T18:55:55.233Z", "dateReserved": "2024-02-03T14:49:24.713Z", "dateUpdated": "2024-08-01T23:36:21.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39045
Vulnerability from cvelistv5
Published
2022-09-01 19:00
Modified
2024-09-16 16:47
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cognos Analytics | 11.2.0, 11.1.7, 11.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202139045-info-disc (214345)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cognos Analytics", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.2.0" }, { "status": "affected", "version": "11.1.7" }, { "status": "affected", "version": "11.2.1" } ] } ], "datePublic": "2022-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/AV:L/AC:L/I:N/S:U/A:N/UI:N/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6615285" }, { "name": "ibm-cognos-cve202139045-info-disc (214345)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345" }, { "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39045", "datePublished": "2022-09-01T19:00:28.121687Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T16:47:36.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }