Stored Cross-Site Scripting Vulnerability in IBM Cognos Products
CVE-2016-0217

5.4MEDIUM

Key Information:

Vendor
IBM Corporation
Status
Cognos Business Intelligence
Vendor
CVE Published:
1 February 2017

Summary

IBM Cognos Business Intelligence and IBM Cognos Analytics have a vulnerability that allows for stored cross-site scripting due to inadequate validation of user-supplied input. This weakness can enable a remote attacker to inject malicious scripts into a web page, which, when accessed by a victim, executes within the context of the hosting site. Exploitation of this vulnerability can lead to the theft of cookie-based authentication credentials, posing significant risks to user security.

Affected Version(s)

Cognos Business Intelligence 10

Cognos Business Intelligence 8.3.0

Cognos Business Intelligence 8.4.1

References

http://www.securityfocus.com/bid/95681
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg21996417
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.