CVE-2012-0696

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Executive Viewer; Cognos Tm1
Vendor: CVE Published:; 13 January 2012

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.

References

http://www.osvdb.org/78217

vdb-entryx_refsource_OSVDB

http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682

vendor-advisoryx_refsource_AIXAPAR

http://securitytracker.com/id?1026491

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 13, 2012
Vulnerability Reserved
Jan 12, 2012