William Shea

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics versions 11.1.7 through 11.2.1 **Description** The issue allows a remote attacker to obtain system information without authentication, which could be used in reconnaissance to gather information for future attacks. **Recommendations** For versions 11.1.7, 11.2.0, and 11.2.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics versions 11.1.7 through 11.2.1 **Description** The issue is related to server-side request forgery (SSRF), which may allow an authenticated attacker to send unauthorized requests from the system. This could potentially lead to network enumeration or facilitate other attacks. **Recommendations** For versions 11.1.7, 11.2.0, and 11.2.1, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.