ibm cognos analytics

102 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-52900
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This
6.4 MEDIUM
CVE-2025-25032
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticat
7.5 HIGH
CVE-2025-0923
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the
5.3 MEDIUM
CVE-2025-0917
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cr
5.5 MEDIUM
CVE-2025-0823
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on
6.5 MEDIUM
CVE-2024-56340
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access
6.5 MEDIUM
CVE-2024-49352
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML Ex
7.1 HIGH
CVE-2023-38009
all versions
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack
4.2 MEDIUM
CVE-2024-51466
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection
9.0 CRITICAL
CVE-2024-40695
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not
8.0 HIGH
CVE-2024-45082
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks,
6.8 MEDIUM
CVE-2024-41752
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inj
5.4 MEDIUM
CVE-2024-25042
>= 11.2.0 and <= 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS).
5.4 MEDIUM
CVE-2024-40703
>= 11.2.0 and <= 11.2.3
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for
5.5 MEDIUM
CVE-2024-25053
all versions
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate vali
5.9 MEDIUM
CVE-2024-25041
>= 11.2.0 and <= 11.2.3
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site sc
5.4 MEDIUM
CVE-2024-25047
>= 11.2.0 and < 11.2.4
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by
8.6 HIGH
CVE-2023-43051
>= 11.1.1 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
5.4 MEDIUM
CVE-2023-38359
>= 11.1.1 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
6.1 MEDIUM
CVE-2023-32344
>= 11.1.1 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form act
4.3 MEDIUM
CVE-2023-30996
>= 11.1.1 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages s
5.3 MEDIUM
CVE-2022-34357
>= 11.1.1 and < 11.1.7
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absence of
6.5 MEDIUM
CVE-2023-35011
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticat
5.4 MEDIUM
CVE-2023-35009
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication
5.3 MEDIUM
CVE-2023-28530
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Cus
5.4 MEDIUM
CVE-2023-25929
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
4.6 MEDIUM
CVE-2021-39036
all versions
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
6.1 MEDIUM
CVE-2022-43887
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log f
5.3 MEDIUM
CVE-2022-43883
>= 11.1.0 and <= 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-contr
6.5 MEDIUM
CVE-2022-39160
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
6.1 MEDIUM
CVE-2022-38708
>= 11.1.0 and <= 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constr
6.5 MEDIUM
CVE-2022-34339
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated use
6.5 MEDIUM
CVE-2022-36773
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML
8.1 HIGH
CVE-2022-30614
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specia
7.5 HIGH
CVE-2021-39045
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature
5.5 MEDIUM
CVE-2021-39009
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privilege
5.5 MEDIUM
CVE-2021-29823
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execu
6.5 MEDIUM
CVE-2021-20468
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execu
6.5 MEDIUM
CVE-2020-4301
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execu
6.5 MEDIUM
CVE-2021-39047
>= 11.1.0 and < 11.1.7
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulner
6.1 MEDIUM
CVE-2021-38945
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper conten
9.8 CRITICAL
CVE-2021-29768
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of t
6.5 MEDIUM
CVE-2021-38946
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
5.4 MEDIUM
CVE-2021-38905
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have a
4.3 MEDIUM
CVE-2021-38904
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via inco
6.5 MEDIUM
CVE-2021-38903
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-suppl
5.4 MEDIUM
CVE-2021-38886
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execu
8.8 HIGH
CVE-2021-29824
all versions
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read ac
4.3 MEDIUM
CVE-2021-20464
all versions
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a ma
6.5 MEDIUM
CVE-2021-38909
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4 MEDIUM
CVE-2021-29867
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have a
5.4 MEDIUM
CVE-2021-29756
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow a
8.8 HIGH
CVE-2021-29719
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incor
5.3 MEDIUM
CVE-2021-29716
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be
6.5 MEDIUM
CVE-2021-20493
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
6.1 MEDIUM
CVE-2021-20470
>= 11.1.0 and < 11.1.7
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier
7.5 HIGH
CVE-2021-29745
all versions
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'Ne
8.8 HIGH
CVE-2021-29679
all versions
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing
8.8 HIGH
CVE-2020-4951
all versions
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive
3.3 LOW
CVE-2021-20461
>= 11.0.0 and < 11.0.13
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setti
6.5 MEDIUM
CVE-2020-4561
all versions
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a re
10.0 CRITICAL
CVE-2020-4520
all versions
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticat
8.8 HIGH
CVE-2020-4354
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
5.4 MEDIUM
CVE-2020-4300
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remo
8.2 HIGH
CVE-2019-4730
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remo
7.1 HIGH
CVE-2019-4724
all versions
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocom
7.5 HIGH
CVE-2019-4723
all versions
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocom
7.5 HIGH
CVE-2019-4722
all versions
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandl
4.3 MEDIUM
CVE-2019-4653
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
5.4 MEDIUM
CVE-2019-4471
all versions
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the
6.5 MEDIUM
CVE-2020-4388
>= 11.0.0 and < 11.0.13
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet a
8.2 HIGH
CVE-2020-4302
>= 11.0.0 and < 11.0.13
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injectio
7.8 HIGH
CVE-2020-4377
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remot
9.1 CRITICAL
CVE-2019-4589
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible
4.3 MEDIUM
CVE-2019-4366
all versions
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access t
5.3 MEDIUM
CVE-2019-4729
>= 11.0.0.0 and < 11.0.13
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error m
4.3 MEDIUM
CVE-2019-4623
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
5.4 MEDIUM
CVE-2019-4343
all versions
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfe
6.5 MEDIUM
CVE-2019-4555
>= 11.0.0 and <= 11.0.12
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
5.4 MEDIUM
CVE-2019-4231
>= 11.0.0 and <= 11.0.12
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious
4.3 MEDIUM
CVE-2019-4645
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
6.1 MEDIUM
CVE-2019-4334
all versions
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attack
4.3 MEDIUM
CVE-2018-1721
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remot
8.8 HIGH
CVE-2019-4342
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS
5.4 MEDIUM
CVE-2019-4183
all versions
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially c
7.5 HIGH
CVE-2019-4139
all versions
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi
5.4 MEDIUM
CVE-2019-4178
>= 11.0.0.0 and <= 11.0.13.0
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-cr
6.4 MEDIUM
CVE-2018-1842
>= 11.0.0.0 and <= 11.0.12.0
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its
3.6 LOW
CVE-2018-1413
>= 11.0.0.0 and <= 11.0.10.0
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2016-9711
all versions
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that coul
5.3 MEDIUM
CVE-2017-1784
all versions
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a
5.5 MEDIUM
CVE-2017-1783
all versions
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authent
4.0 MEDIUM
CVE-2017-1779
all versions
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
7.8 HIGH
CVE-2017-1535
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2017-1485
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2017-1428
all versions
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to vis
6.1 MEDIUM
CVE-2017-1427
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
6.1 MEDIUM
CVE-2016-3032
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2016-3031
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2016-3015
all versions
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod
5.4 MEDIUM
CVE-2016-0217
all versions
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper valida
5.4 MEDIUM
CVE-2016-0398
all versions
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
4.3 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin