XPath Injection Vulnerability in IBM Cognos Business Intelligence
CVE-2012-4840

Currently unrated

Key Information:

Vendor: IBM

CVE Published: 5 March 2013

What is CVE-2012-4840?

IBM Cognos Business Intelligence (BI) 8.4.1 prior to IF1, 10.1 prior to IF2, 10.1.1 prior to IF2, and 10.2 prior to IF1 is susceptible to XPath injection. Through unspecified vectors, a remote attacker can manipulate the XPath queries the application evaluates and invoke XPath extension functions, potentially executing unauthorized commands within the application. This poses a significant risk to data integrity and security.

Timeline

  • Vulnerability published

  • Vulnerability Reserved