Denial of Service Vulnerability in IBM Cognos Business Intelligence Software
CVE-2016-0254

6.5MEDIUM

Key Information:

Vendor

IBM
Status
Cognos Business Intelligence
Vendor
CVE Published:
7 June 2017

What is CVE-2016-0254?

IBM Cognos Business Intelligence versions 10.1 and 10.2 are susceptible to a denial of service due to an XML External Entity Injection vulnerability. This flaw allows a remote authenticated attacker to manipulate XML data processing, potentially leading to excessive consumption of CPU resources and resulting in a denial of service condition. Immediate attention is recommended to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cognos Business Intelligence 10.1.1

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

References

http://www.ibm.com/support/docview.wss?uid=swg22004036
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98971
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/110563
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.