Security vulnerabilities have been addressed in IBM Cognos Analytics.
**Vulnerability Details**
CVEID: CVE-2020-1747
**DESCRIPTION:** PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing untrusted YAML files through the full_load method or with the FullLoader loader. By abusing the python/object/new constructor, which FullLoader still resolved to an arbitrary Python callable, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
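The following is an added example, not code from IBM or from the PyYAML project, showing the two things a practitioner wants around this CVE: a pre-load check that flags the Python-specific tags (python/object, python/object/new, python/object/apply, python/name, python/module) in untrusted YAML, and the correct loader choice (yaml.safe_load / SafeLoader rather than full_load / FullLoader). The YAML documents, the callable name in the tag and the helper names are constructed for illustration; PyYAML is assumed to be installed only for the optional parse step.

```python
"""Added example: gate untrusted YAML for Python-specific tags, then parse it
with SafeLoader only. Not IBM or PyYAML code; documents below are constructed."""
import re

# Tags that PyYAML resolves to Python callables or objects. The second
# alternative covers the verbatim tag form (!<tag:yaml.org,2002:python/...>)
# that a plain "!!python/" substring check would miss.
PYTHON_TAG = re.compile(
    r"(?:!!|!<tag:yaml\.org,2002:)python/(?:object(?:/apply|/new)?|name|module)\b"
)


def find_python_tags(yaml_text):
    """Return 'lineno:tag' strings for every Python-specific tag in the text."""
    hits = []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        for match in PYTHON_TAG.finditer(line):
            hits.append("%d:%s" % (lineno, match.group(0)))
    return hits


# Constructed samples: a benign config, and the shape of document that abused
# the python/object/new constructor under FullLoader (the callable is a
# placeholder; nothing here is executed).
BENIGN = "service:\n  name: cognos\n  port: 9300\n"
MALICIOUS = "payload: !!python/object/new:os.system\n  args: ['id']\n"


def load_untrusted(yaml_text):
    """Reject tagged input, otherwise parse with SafeLoader.

    Returns (ok, result): result is the parsed data on success, or a reason
    string on rejection. SafeLoader only builds plain data types (dict, list,
    str, int, ...), so even an unflagged tag cannot reach a Python callable.
    """
    tags = find_python_tags(yaml_text)
    if tags:
        return False, "rejected: python tags present %s" % tags
    try:
        import yaml  # assumption: PyYAML installed (pip install pyyaml)
    except ImportError:
        return False, "PyYAML not installed (assumption: pip install pyyaml)"
    return True, yaml.safe_load(yaml_text)


if __name__ == "__main__":
    print(find_python_tags(MALICIOUS))   # ['1:!!python/object/new']
    print(load_untrusted(MALICIOUS))     # (False, 'rejected: ...')
    print(load_untrusted(BENIGN))
```

The tag scan is a defence-in-depth signal for logging and alerting, not a substitute for the loader choice: yaml.safe_load is the call to use for any input that did not originate inside your own trust boundary, whatever PyYAML version is installed.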
CVEID: CVE-2020-4302
**DESCRIPTION:** IBM Cognos Analytics could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection: a cell value that begins with a formula character is evaluated, rather than displayed, by the spreadsheet application that opens the exported file. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the victim's system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
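As an added example, not IBM Cognos code, the following shows the standard neutralisation applied on the export side of a CSV injection: any text cell beginning with =, +, -, @, tab or carriage return is prefixed with a single quote so a spreadsheet renders it as text, while genuinely numeric cells are passed through unchanged so negative numbers are not mangled. The report rows, including the formula-style payload, are constructed sample data, and the function names are this example's own.

```python
"""Added example: neutralise formula cells when exporting report data to CSV.
Not IBM Cognos code; the sample rows below are constructed."""
import csv
import io

# Leading characters that Excel and LibreOffice interpret as the start of a
# formula (or, via tab/CR, as a cell break that can hide one).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a value that will be shown, not evaluated, by a spreadsheet.

    Numeric types are returned untouched: -1200.5 is a number, not a formula.
    Strings starting with a trigger get a leading apostrophe; quoting of
    embedded separators and double quotes is left to csv.writer.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_rows(rows):
    """Serialise rows to CSV text with every cell neutralised and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample report: the third row's "report" field is the classic
# DDE-style payload that a spreadsheet would try to evaluate if written as-is.
SAMPLE_ROWS = [
    ["report", "owner", "total"],
    ["Q1 sales", "alice", -1200.5],
    ["=cmd|' /C calc'!A0", "mallory", 0],
    ["@SUM(1+1)", "bob", 3],
]


if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS))
```

The apostrophe prefix is visible in some viewers and must be stripped again by any downstream parser that re-imports the file, so apply it only on exports destined for spreadsheet applications; keep typed numeric columns numeric so the rule never touches legitimate negative values.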
CVEID: CVE-2020-4388
**DESCRIPTION:** IBM Cognos Analytics could be vulnerable to a denial of service attack, caused by a failure to catch exceptions in a servlet. The debug information exposed by the uncaught exceptions could also be used in future attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
**Affected Products and Versions**
IBM Cognos Analytics 11.1: CVE-2020-1747, CVE-2020-4388, and CVE-2020-4302 (when used with IBM Cognos PowerPlay 11.x)
IBM Cognos Analytics 11.0: CVE-2020-4302 (when used with IBM Cognos PowerPlay 11.x)
**Remediation/Fixes**
For IBM Cognos Analytics 11.1.x: the recommended solution is to apply the fix for the versions listed as soon as practical. Fix: IBM Cognos Analytics 11.1.7 FP1.
For IBM Cognos Analytics 11.0.x: the recommended solution is to apply the latest available version of IBM Cognos Analytics 11.0.x. Fix: IBM Cognos Analytics 11.0.13 Fix Pack 3.
**Workarounds and Mitigations**
None