IBM » Cognos Business Intelligence : Security Vulnerabilities, CVEs, Published In 2017
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-08
Updated
2017-03-22
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-03-27
Updated
2017-03-29
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-04-17
Updated
2017-04-21
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.
Max CVSS
5.7
EPSS Score
0.06%
Published
2017-04-17
Updated
2017-04-21
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-04-17
Updated
2017-04-21
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.
Max CVSS
6.8
EPSS Score
0.19%
Published
2017-06-07
Updated
2017-06-14
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-02-01
Updated
2017-04-06
7 vulnerabilities found