Cross-Site Scripting Vulnerability in IBM Cognos Business Intelligence
CVE-2016-0221

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Cognos Business Intelligence
Vendor
CVE Published:
3 July 2016

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Cognos TM1 which affects several versions of IBM Cognos Business Intelligence. This flaw allows remote authenticated users to execute arbitrary web scripts or HTML through specially crafted URLs. Exploiting this vulnerability can lead to unauthorized actions or exposure of sensitive information, severely impacting the security posture of the affected systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21984323
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036221
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91542
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.