High Severity

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has addressed the applicable CVEs. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Analytics: IBM Websphere Liberty, OpenSSL, Apache HTTP Server, and Microsoft C++ Runtime Library. An XSRF vulnerability in the Cognos Analytics Upload Library and a XSS vulnerability in the Cognos Analytics Upload Visualization functionality have also been addressed.

Affected product(s) and affected version(s):

IBM Cognos Analytics 11.1

IBM Cognos Analytics 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1138588

More stories

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerablility.

Feb 22, 2020 7:00 pm EST | High Severity

IBM Worklight/MobileFoundation has addressed the following vulnerability. WebSphere Liberty susceptible to HTTP2 implementation vulnerablility. ...read more


Security Bulletin: Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210, CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211)

Feb 22, 2020 7:00 pm EST | High Severity

Command injection vulnerabilities in IBM Spectrum Protect Plus could allow a remote attacker to execute arbitrary code on the system. ...read more


Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI.

Feb 22, 2020 7:00 pm EST | High Severity

Vulnerability CVE-2019-2201 found in libjpeg-turbo package. ...read more