Cross-Site Scripting Vulnerabilities in IBM Cognos TM1 Executive Viewer
CVE-2012-0696

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Executive Viewer; Cognos Tm1
Vendor: CVE Published:; 13 January 2012

Summary

Multiple cross-site scripting vulnerabilities exist in the Executive Viewer (EV) component of IBM Cognos TM1 prior to version 9.5 FP1. These vulnerabilities enable remote attackers to exploit unspecified requests, allowing them to inject arbitrary web scripts or HTML through the aspnet_client directory or the evserver/createcontrol.js file. Such exploitation can lead to compromised user sessions and unauthorized access to sensitive information.

References

http://www.osvdb.org/78217

vdb-entryx_refsource_OSVDB

http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682

vendor-advisoryx_refsource_AIXAPAR

http://securitytracker.com/id?1026491

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 13, 2012
Vulnerability Reserved
Jan 12, 2012