Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Dec 19, 2019 7:00 pm EST

Categorized: High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has addressed the applicable CVEs. Vulnerabilities have also been addressed in the following third-party software components that are consumed by IBM Cognos Analytics: IBM WebSphere Liberty, OpenSSL, Apache HTTP Server, and Microsoft C++ Runtime Library. An XSRF vulnerability in the Cognos Analytics Upload Library and an XSS vulnerability in the Cognos Analytics Upload Visualization functionality have also been addressed.

Affected product(s) and affected version(s):

IBM Cognos Analytics 11.1

IBM Cognos Analytics 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1138588



from IBM Product Security Incident Response Team https://ift.tt/34FfJtR