Cross-Site Scripting Vulnerability in IBM Cognos TM1
CVE-2016-3038

5.4MEDIUM

Key Information:

Vendor: IBM Corporation
Status: Cognos TM1
Vendor: CVE Published:; 17 April 2017

🔔 Create IBM Corporation Vulnerability Alert

What is CVE-2016-3038?

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code into the Web User Interface. This could compromise the intended functionality of the application and potentially allow an attacker to disclose sensitive credentials during a trusted session. Users accessing these vulnerable versions are advised to take precautions.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21999649

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97915

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2017
Vulnerability Reserved
Mar 9, 2016