Security Bulletin: Security Vulnerabilities have been addressed in IBM Cognos Analytics

This Security Bulletin covers vulnerabilities that have been fixed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2.

A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721)

A vulnerability has been addressed where the X-Powered-By attribute is returned in the HTTP response header in IBM Cognos Analytics. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of the web server. (CVE-2019-4334)

A vulnerability has been addressed in IBM Cognos Analytics 11.1.4 where the product could be vulnerable to a cross-site scripting (XSS) attack in the Assistant Search tab via .xlsx file upload (CVE-2019-4645). This vulnerability was not applicable to IBM Cognos Analytics 11.0.x.
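As an added example that is not IBM's code: a defensive allow-list check for a forwarding target of the kind described for CVE-2018-1721, and a scan for platform-disclosing response headers such as X-Powered-By (CVE-2019-4334). The host names, header values and sample URLs are constructed for illustration.

```python
"""Added example (not IBM's code): two defensive checks matching the classes
of issue in this bulletin. Host names and header values are constructed."""
from urllib.parse import urlsplit

# Hosts the application is allowed to forward HTTP messages to (constructed).
ALLOWED_FORWARD_HOSTS = {"cognos.example.com", "gateway.example.com"}

# Response headers that disclose implementation details (CVE-2019-4334 class).
DISCLOSURE_HEADERS = {"x-powered-by", "server", "x-aspnet-version"}


def is_safe_forward_target(url: str, allowed_hosts=ALLOWED_FORWARD_HOSTS) -> bool:
    """Return True only if `url` points at an allow-listed host over http(s).

    Rejects scheme-relative URLs (//host), userinfo tricks (good@evil),
    non-http schemes and anything that does not parse to a single hostname.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # lower-cased, brackets stripped, None if absent
    return host is not None and host in allowed_hosts


def disclosed_headers(headers: dict) -> list:
    """Return the names of response headers that leak platform information."""
    return sorted(name for name in headers if name.lower() in DISCLOSURE_HEADERS)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    for candidate in ("https://cognos.example.com/bi/v1/disp", "//attacker.invalid/x",
                      "https://cognos.example.com@attacker.invalid/", "ftp://cognos.example.com/"):
        print(f"{candidate!r:50} allowed={is_safe_forward_target(candidate)}")
    print(disclosed_headers({"X-Powered-By": "Servlet/3.0", "Content-Type": "text/html"}))
```

The header check is meant to run against captured responses from a test deployment after patching, to confirm the X-Powered-By value is no longer emitted.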

Affected Products and Versions

IBM Cognos Analytics 11.1
IBM Cognos Analytics 11.0
Refer to the following reference URL for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1074144

from IBM Product Security Incident Response Team https://ift.tt/2MWEpbd