High Severity

IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.9.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2017. IBM Cognos Analytics has addressed a vulnerability in libpng that could be exploited to cause a denial of service. IBM Cognos Analytics consumes the Apache Xerces-C XML Parser library. This library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. This vulnerability has been addressed.

CVE(s): CVE-2017-10125, CVE-2017-10067, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10087, CVE-2017-1376, CVE-2017-10105, CVE-2016-10087, CVE-2016-4463

Affected product(s) and affected version(s):

IBM Cognos Analytics Versions 11.0.0.0 to 11.0.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011810
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128831
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128862
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128863
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128849
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126873
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128866
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124207
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114596
