cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-39081,https://securityvulnerability.io/vulnerability/CVE-2021-39081,Cryptographic Flaw in IBM Cognos Analytics Mobile for Android,"CVE-2021-39081 is a significant cryptographic vulnerability found in IBM Cognos Analytics Mobile for Android version 1.1.14. This vulnerability arises from the use of weaker than expected cryptographic algorithms, which could permit an attacker to decrypt sensitive information inadvertently. Organizations using this version of the application risk exposing critical data, making it imperative to evaluate and implement the necessary security measures to mitigate this threat.",IBM,Cognos Analytics Mobile For Android,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-12-19T01:15:00.000Z,0
CVE-2024-40703,https://securityvulnerability.io/vulnerability/CVE-2024-40703,Cognos Analytics Vulnerability Could Lead to Sensitive Information Disclosure,"A local information disclosure vulnerability exists in IBM Cognos Analytics that may allow an attacker with local access to the system to obtain sensitive information, specifically an API key. This API key could be exploited to perform unauthorized actions or launch subsequent attacks against the affected applications. Users of IBM Cognos Analytics should take immediate steps to safeguard their systems and data against potential exploitation of this vulnerability.",IBM,"Cognos Analytics,Cognos Analytics Reports",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-22T12:20:28.223Z,0
CVE-2024-25041,https://securityvulnerability.io/vulnerability/CVE-2024-25041,IBM Cognos Analytics Vulnerable to Cross Site Scripting (XSS),"IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.",IBM,Cognos Analytics,5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-28T18:55:55.233Z,0
CVE-2024-25053,https://securityvulnerability.io/vulnerability/CVE-2024-25053,Cognos Analytics Vulnerable to Certificate Validation Attack,"IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.",IBM,Cognos Analytics,5.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-06-28T18:53:48.828Z,0
CVE-2024-25047,https://securityvulnerability.io/vulnerability/CVE-2024-25047,IBM Cognos Analytics Vulnerable to Injection Attacks,"IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 are exposed to injection attacks due to a flaw in the handling of application logging. This vulnerability arises from the lack of proper sanitization of user-provided data, which may enable attackers to execute arbitrary code or conduct further exploits against the system. Organizations utilizing the affected versions are encouraged to implement remediation measures to mitigate the risks associated with this vulnerability.",IBM,Cognos Analytics,8.6,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-05-02T20:09:21.479Z,0
CVE-2023-30996,https://securityvulnerability.io/vulnerability/CVE-2023-30996,IBM Cognos Analytics Vulnerable to Information Leakage,"An information leakage vulnerability exists in IBM Cognos Analytics due to the handling of messages from unverified sources in communication between Windows objects of different origins. This flaw may allow unauthorized access to sensitive data, originating from improper validation in object interactions. Users of affected versions 11.1.7, 11.2.4, and 12.0.0 should assess their exposure to this issue and consider implementing mitigating actions as outlined in IBM's advisories.",IBM,Cognos Analytics,5.3,MEDIUM,0.0011899999808520079,false,false,false,false,,false,false,2024-02-26T16:27:00.000Z,0
CVE-2023-38359,https://securityvulnerability.io/vulnerability/CVE-2023-38359,IBM Cognos Analytics Vulnerable to Cross-Site Scripting,"IBM Cognos Analytics has a vulnerability that allows for cross-site scripting (XSS). This security flaw permits attackers to inject arbitrary JavaScript code into the Web UI of affected versions. As a result, the intended functionality of the application can be altered, which may lead to the disclosure of sensitive credentials during a trusted session. Organizations using Cognos Analytics versions 11.1.7, 11.2.4, or 12.0.0 should take immediate precautions to safeguard their systems from potential exploitation. For more details, please refer to vendor advisories and vulnerability databases.",IBM,Cognos Analytics,6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2024-02-26T16:27:00.000Z,0
CVE-2023-32344,https://securityvulnerability.io/vulnerability/CVE-2023-32344,IBM Cognos Analytics Vulnerable to Form Action Hijacking,"IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to form action hijacking. This vulnerability permits an attacker to manipulate the form action attribute, redirecting it to an arbitrary path. Such exploitation can lead to unauthorized access to sensitive data and potential breaches within the affected systems. Organizations utilizing these versions of Cognos Analytics should prioritize security updates and closely monitor their environments to mitigate risks associated with this vulnerability.",IBM,Cognos Analytics,4.3,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2024-02-26T16:27:00.000Z,0
CVE-2023-43051,https://securityvulnerability.io/vulnerability/CVE-2023-43051,IBM Cognos Analytics Vulnerable to Cross-Site Scripting,"IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to a cross-site scripting flaw that enables users to deploy arbitrary JavaScript code within the application's web interface. This allows for manipulation of the application’s intended functionality, which could potentially expose user credentials during a trusted session. This vulnerability raises significant security concerns as it can lead to unauthorized access or data integrity issues.",IBM,Cognos Analytics,5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2024-02-26T16:27:00.000Z,0
CVE-2022-34357,https://securityvulnerability.io/vulnerability/CVE-2022-34357,Cognos Analytics Mobile Server Vulnerable to Denial of Service Attacks,"IBM Cognos Analytics Mobile Server versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to a Denial of Service attack caused by insufficient rate limiting. This vulnerability enables an attacker to send a high volume of HTTP requests, resulting in the potential exhaustion of server resources. As a result, legitimate users may experience service unavailability, impacting business operations and user productivity. Proper rate limiting measures are essential to mitigate this risk and ensure continued service accessibility.",IBM,Cognos Analytics,6.5,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2024-02-26T16:27:00.000Z,0
CVE-2023-35009,https://securityvulnerability.io/vulnerability/CVE-2023-35009,IBM Cognos Analytics information disclosure,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.",IBM,Cognos Analytics,5.3,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2023-08-16T23:15:00.000Z,0
CVE-2023-35011,https://securityvulnerability.io/vulnerability/CVE-2023-35011,IBM Cognos Analytics server-side request forgery,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.",IBM,Cognos Analytics,5.4,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2023-08-16T23:15:00.000Z,0
CVE-2023-25929,https://securityvulnerability.io/vulnerability/CVE-2023-25929,IBM Cognos Analytics cross-site scripting,IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.,IBM,Cognos Analytics,4.6,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-07-22T02:15:00.000Z,0
CVE-2023-28530,https://securityvulnerability.io/vulnerability/CVE-2023-28530,IBM Cognos Analytics cross-site scripting,"IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.",IBM,Cognos Analytics,5.4,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2023-07-22T02:15:00.000Z,0
CVE-2023-28953,https://securityvulnerability.io/vulnerability/CVE-2023-28953,IBM Cognos Analytics on Cloud Pak for Data improper access control,IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.,IBM,Cognos Analytics Cartridge For Cloud Pak For Data,3.1,LOW,0.0006099999882280827,false,false,false,false,,false,false,2023-07-10T00:17:30.448Z,0
CVE-2021-39036,https://securityvulnerability.io/vulnerability/CVE-2021-39036,IBM Cognos Analytics cross-site scripting,IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966.,IBM,Cognos Analytics,6.1,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-05-12T00:49:10.920Z,0
CVE-2022-39160,https://securityvulnerability.io/vulnerability/CVE-2022-39160,IBM Cognos Analytics cross-site scripting," IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. ",IBM,Cognos Analytics,6.1,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-12-19T20:57:35.505Z,0
CVE-2022-43883,https://securityvulnerability.io/vulnerability/CVE-2022-43883,IBM Cognos Analytics data manipulation," IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. ",IBM,Cognos Analytics,6.5,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2022-12-19T20:47:46.352Z,0
CVE-2022-43887,https://securityvulnerability.io/vulnerability/CVE-2022-43887,IBM Cognos Analytics information disclosure," IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. ",IBM,Cognos Analytics,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-12-19T20:27:09.027Z,0
CVE-2022-38708,https://securityvulnerability.io/vulnerability/CVE-2022-38708,IBM Cognos Analytics server-side request forgery," IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. ",IBM,Cognos Analytics,6.5,MEDIUM,0.001019999966956675,false,false,false,false,,false,false,2022-12-19T20:12:17.865Z,0
CVE-2022-34339,https://securityvulnerability.io/vulnerability/CVE-2022-34339,,"""IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.""",IBM,IBM Cognos Analytics,6.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2022-11-03T00:00:00.000Z,0
CVE-2022-36773,https://securityvulnerability.io/vulnerability/CVE-2022-36773,,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.",IBM,Cognos Analytics,7.1,HIGH,0.0030300000216811895,false,false,false,false,,false,false,2022-09-01T19:15:00.000Z,0
CVE-2021-20468,https://securityvulnerability.io/vulnerability/CVE-2021-20468,,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.",IBM,Cognos Analytics,4.3,MEDIUM,0.001290000043809414,false,false,false,false,,false,false,2022-09-01T19:15:00.000Z,0
CVE-2021-39009,https://securityvulnerability.io/vulnerability/CVE-2021-39009,,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.",IBM,Cognos Analytics,4.4,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-09-01T19:15:00.000Z,0
CVE-2020-4301,https://securityvulnerability.io/vulnerability/CVE-2020-4301,,"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.",IBM,Cognos Analytics,4.3,MEDIUM,0.001290000043809414,false,false,false,false,,false,false,2022-09-01T19:15:00.000Z,0