XPath Injection Vulnerability in IBM Cognos Business Intelligence
CVE-2012-4837

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 5 March 2013

Summary

IBM Cognos Business Intelligence prior to specific fix releases is vulnerable to XPath injection attacks, enabling remote authenticated users to manipulate queries and access sensitive XML files. This can lead to unauthorized data exposure through exploited unspecified vectors, emphasizing the need for timely updates and proper security measures to safeguard against such threats.

References

http://www-01.ibm.com/support/docview.wss?uid=swg24034373

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78919

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21626697

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 5, 2013
Vulnerability Reserved
Sep 6, 2012