Cross-Site Scripting Vulnerability in IBM Cognos Business Intelligence
CVE-2016-0221

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
3 July 2016

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Cognos TM1 which affects several versions of IBM Cognos Business Intelligence. This flaw allows remote authenticated users to execute arbitrary web scripts or HTML through specially crafted URLs. Exploiting this vulnerability can lead to unauthorized actions or exposure of sensitive information, severely impacting the security posture of the affected systems.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.