Denial of Service Vulnerability in IBM Cognos Business Intelligence Software
CVE-2016-0254
6.5MEDIUM
Summary
IBM Cognos Business Intelligence versions 10.1 and 10.2 are susceptible to a denial of service due to an XML External Entity Injection vulnerability. This flaw allows a remote authenticated attacker to manipulate XML data processing, potentially leading to excessive consumption of CPU resources and resulting in a denial of service condition. Immediate attention is recommended to mitigate the risks associated with this vulnerability.
Affected Version(s)
Cognos Business Intelligence 10.1.1
Cognos Business Intelligence 10.2
Cognos Business Intelligence 10.2.1
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved