Jarad Kopf

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics versions 11.0 through 11.1 **Description** The issue allows a remote attacker to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains through a XML External Entity Injection (XXE) attack when processing XML data. **Recommendations** For IBM Cognos Analytics versions 11.0 through 11.1, update to a version that includes a fix for this issue to prevent XXE attacks.

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Platform (XP) versions prior to 9.1.1 **Description** The issue allows remote code execution via deserialization. An authenticated user with necessary permissions can remotely execute OS commands by sending a crafted serialized object. **Recommendations** For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics version 11.0 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM Cognos Analytics version 11.0, update to a version that includes a fix for this issue to prevent cross-site scripting attacks.