High Severity
Security Bulletin: Security Vulnerabilities have been addressed in IBM Cognos Analytics
Jan 5, 2020 8:03 pm EST
Categorized: High Severity
This Security Bulletin addresses vulnerabilities that have been addressed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2.
A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721)
A vulnerability has been addressed where the X-Powered-By attribute is being returned in the HTTP response header in IBM Cognos Analytics. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of the web server. (CVE-2019-4334)
A vulnerability has been addressed in IBM Cognos Analytics 11.1.4 where the product could be vulnerable to a cross-site scripting (XSS) attack in the Assistant Search tab via .xlsx file upload. (CVE-2019-4645) This vulnerability was not applicable in IBM Cognos Analytics 11.0.x.
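To confirm after upgrading that the X-Powered-By disclosure (CVE-2019-4334) is gone, a captured response head can be audited offline. The script below is an added example, not IBM's code; the sample responses and product strings are constructed, and the extra check for version numbers in the `Server` header is an assumed policy that goes beyond what the bulletin names.

```python
"""Audit a captured HTTP response head for stack-disclosing headers."""
import re

# Headers whose mere presence discloses the stack (named in the bulletin).
DISCLOSING = {"x-powered-by"}
# Assumption: headers that may stay, but should not carry a version number.
VERSION_SENSITIVE = {"server"}
VERSION_RE = re.compile(r"\d+(\.\d+)+")


def parse_head(raw):
    """Return (name, value) pairs from a raw response head, keeping duplicates."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:              # skip the status line
        if line == "":
            break                       # blank line ends the head; body is ignored
        if line[0] in " \t" and headers:
            # Obsolete line folding: continuation of the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw):
    """List findings for headers that reveal the software stack or its version."""
    findings = []
    for name, value in parse_head(raw):
        if name in DISCLOSING:
            findings.append(f"{name}: present ({value!r})")
        elif name in VERSION_SENSITIVE and VERSION_RE.search(value):
            findings.append(f"{name}: exposes version ({value!r})")
    return findings


# Constructed samples: one response before the fix, one after.
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "x-POWERED-by: ExampleServlet/3.1\r\nServer: ExampleServer/1.2.3\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: ExampleServer\r\n\r\n"
         "X-Powered-By: text in the body, not a header")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "clean")
```

Feed it the output of a header capture from each Cognos endpoint, including error pages, since those are often served by a different component than the main application.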
Affected Products and Versions
Source Bulletin: https://www.ibm.com/support/pages/node/1074144