XML External Entity Vulnerability in IBM Cognos Business Intelligence
CVE-2013-4034

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 18 November 2013

What is CVE-2013-4034?

A vulnerability in IBM Cognos Business Intelligence allows remote authenticated users to exploit XML External Entities (XXE). This attack can enable unauthorized access to sensitive files on the server by carefully crafting XML requests that declare external entities. Affected versions include multiple iterations across the platform, presenting a significant risk of data exposure if not addressed.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21652590

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86137

vdb-entryx_refsource_XF

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2013
Vulnerability Reserved
Jun 7, 2013