Cross-Site Scripting Vulnerability in IBM Cognos Business Intelligence
CVE-2016-0221
5.4MEDIUM
Summary
A cross-site scripting (XSS) vulnerability exists in IBM Cognos TM1 which affects several versions of IBM Cognos Business Intelligence. This flaw allows remote authenticated users to execute arbitrary web scripts or HTML through specially crafted URLs. Exploiting this vulnerability can lead to unauthorized actions or exposure of sensitive information, severely impacting the security posture of the affected systems.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved