IBM Cognos Analytics

97 CVEs affecting IBM Cognos Analytics. Latest disclosed: 2026-05-27. Critical: 2, High: 11.

Top CVEs affecting IBM Cognos Analytics
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4561 | Critical | 10.0 | 2021-05-31 | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access… |
| CVE-2024-51466 | Critical | 9.0 | 2024-12-20 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote atta… |
| CVE-2021-29679 | High | 8.8 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that co… |
| CVE-2024-25047 | High | 8.6 | 2024-05-02 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided… |
| CVE-2018-1721 | High | 8.3 | 2019-11-09 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this… |
| CVE-2020-4300 | High | 8.2 | 2021-05-31 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit thi… |
| CVE-2020-4377 | High | 8.2 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this… |
| CVE-2024-40695 | High | 8.0 | 2024-12-20 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the… |
| CVE-2025-25032 | High | 7.5 | 2025-06-11 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of… |
| CVE-2024-49352 | High | 7.1 | 2025-02-05 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE)… |
| CVE-2022-36773 | High | 7.1 | 2022-09-01 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker coul… |
| CVE-2020-4520 | High | 7.1 | 2021-05-31 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the c… |
| CVE-2019-4730 | High | 7.1 | 2021-05-31 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit thi… |
| CVE-2024-45082 | Medium | 6.8 | 2024-12-18 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack… |
| CVE-2024-56340 | Medium | 6.5 | 2025-02-28 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting… |
| CVE-2025-0823 | Medium | 6.5 | 2025-02-28 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could… |
| CVE-2022-34357 | Medium | 6.5 | 2024-02-24 | IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absence of rate limiting. By making unli… |
| CVE-2022-43883 | Medium | 6.5 | 2022-12-19 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enabl… |
| CVE-2022-38708 | Medium | 6.5 | 2022-12-19 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-contro… |
| CVE-2022-30614 | Medium | 6.5 | 2022-09-01 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote… |