Cross-Site Scripting Vulnerability in IBM Cognos Business Intelligence
CVE-2013-6732

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 22 February 2014

Summary

This issue allows remote attackers to exploit a cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence, enabling them to inject arbitrary web scripts or HTML. The vulnerability is caused by improper handling of input parameters, which can be exploited if not adequately sanitized. Affected versions include 8.4.1, multiple releases of 10.1, 10.2, and related sub-versions, highlighting the importance of updating to the latest patches to mitigate this security risk. For remediation, users are advised to apply the appropriate updates as listed in IBM's support documentation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89394

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21662856

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 22, 2014
Vulnerability Reserved
Nov 8, 2013