Medium Severity

IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A cross-site scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates.

CVE(s): CVE-2019-4139

Affected product(s) and affected version(s):

IBM Cognos Analytics 11.1.1

IBM Cognos Analytics 11.1.0

IBM Cognos Analytics 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883872
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158335
