Denial of Service Vulnerability in IBM Cognos Business Intelligence Software
CVE-2016-0254

6.5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 June 2017

Summary

IBM Cognos Business Intelligence versions 10.1 and 10.2 are susceptible to a denial of service due to an XML External Entity Injection vulnerability. This flaw allows a remote authenticated attacker to manipulate XML data processing, potentially leading to excessive consumption of CPU resources and resulting in a denial of service condition. Immediate attention is recommended to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cognos Business Intelligence 10.1.1

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.