CyberSec.Space Logo
Back to CVE Browser

CVE-2021-29679

HIGH
8.8
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile3.88th
PublishedOct 15, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

Affected Platforms (CPE)

πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.2.0
πŸ“¦
Netapp

Oncommand Insight

All versions

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/199915
πŸ”— https://security.netapp.com/advisory/ntap-20211112-0005/
πŸ”— https://www.ibm.com/support/pages/node/6491661
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/199915
πŸ”— https://security.netapp.com/advisory/ntap-20211112-0005/
πŸ”— https://www.ibm.com/support/pages/node/6491661

Related Vulnerabilities

CVE-2020-456110.0

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a re...

CVE-2021-389459.8

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper conten...

CVE-2018-17218.8

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remot...

CVE-2020-45208.8

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticat...