Medium Severity

IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates.

CVE(s): CVE-2019-4139

Affected product(s) and affected version(s):

IBM Cognos Analytics 11.1.1

IBM Cognos Analytics 11.1.0

IBM Cognos Analytics 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883872
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158335
