IBM » Cognos Tm1 : Security Vulnerabilities, CVEs, CVSS score >= 5
IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617.
Max CVSS
6.1
EPSS Score
0.12%
Published
2018-01-26
Updated
2018-02-08
IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link.
Max CVSS
5.0
EPSS Score
0.28%
Published
2014-09-05
Updated
2017-08-29
CVE-2012-0202
Public exploit
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
Max CVSS
10.0
EPSS Score
96.84%
Published
2012-05-04
Updated
2017-08-29
3 vulnerabilities found