CVE-2022-36594 Mapper v4.0.0 to v4.2.0 had a SQL injection vulnerability.
A successful exploit could cause a denial-of-service condition or install malicious code on the application server. Mapper v4.0.0 to v4.2.0 was discovered
CVE-2022-36759 An SQL injection was found in the /dishes.php?res_id= component of the food ordering system v1.0.
This allowed remote attackers to execute arbitrary SQL commands or cause data leakage by running arbitrary queries. This issue was resolved by properly filtering
CVE-2021-39009 IBM Cognos Analytics stores users' credentials in plain text, which can be read by a local privileged user.
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by
CVE-2021-20468 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
An attacker could exploit this vulnerability by persuading a user to click a maliciously crafted link. A successful exploit could allow the attacker to access
CVE-2022-36773 IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
In certain configurations, IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a Denial of Service (DoS) attack.