Cross-Site Scripting Vulnerability in IBM Cognos TM1
CVE-2016-3038

5.4MEDIUM

Key Information:

Vendor
CVE Published:
17 April 2017

Summary

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code into the Web User Interface. This could compromise the intended functionality of the application and potentially allow an attacker to disclose sensitive credentials during a trusted session. Users accessing these vulnerable versions are advised to take precautions.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.