High Severity

Security Bulletin: Security Vulnerabilities have been addressed in IBM Cognos Analytics


This Security Bulletin covers vulnerabilities that have been addressed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2.

A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721)

A vulnerability has been addressed where the X-Powered-By attribute is returned in the HTTP response header in IBM Cognos Analytics. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of the web server. (CVE-2019-4334)
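A post-upgrade check for CVE-2019-4334, as an added example that is not part of IBM's bulletin: it parses captured HTTP response heads and reports any X-Powered-By values still being returned. The sample responses and the header value `ExampleServer/1.2.3` are constructed for illustration.

```python
"""Added example: audit captured HTTP responses for the X-Powered-By header."""
from email.parser import Parser

# Constructed sample responses (not taken from a real Cognos server).
BEFORE_FIX = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "x-powered-by: ExampleServer/1.2.3\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
AFTER_FIX = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def powered_by_values(raw_response: str) -> list:
    """Return every X-Powered-By value found in a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    if not status_line.startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % status_line)
    # The header parser matches names case-insensitively and keeps repeats,
    # so "x-powered-by" and a second "X-POWERED-BY" line are both reported.
    headers = Parser().parsestr(header_block, headersonly=True)
    return [value.strip() for value in headers.get_all("X-Powered-By", [])]


def audit(responses: dict) -> dict:
    """Map each labelled response to its disclosed values; omit clean ones."""
    findings = {}
    for label, raw in responses.items():
        values = powered_by_values(raw)
        if values:
            findings[label] = values
    return findings


if __name__ == "__main__":
    report = audit({"before": BEFORE_FIX, "after": AFTER_FIX})
    for label, values in report.items():
        print(f"{label}: X-Powered-By disclosed -> {values}")
```

An empty result from `audit` for responses captured after the upgrade indicates the header is no longer returned on those endpoints.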

A vulnerability has been addressed in IBM Cognos Analytics 11.1.4 where the product could be vulnerable to a cross-site scripting (XSS) attack in the Assistant Search tab via .xlsx file upload. (CVE-2019-4645) This vulnerability was not applicable in IBM Cognos Analytics 11.0.x.

Affected Products and Versions

IBM Cognos Analytics 11.1
IBM Cognos Analytics 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1074144