Cross-Site Scripting Vulnerability in IBM Cognos TM1
CVE-2016-3038
5.4MEDIUM
Summary
IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code into the Web User Interface. This could compromise the intended functionality of the application and potentially allow an attacker to disclose sensitive credentials during a trusted session. Users accessing these vulnerable versions are advised to take precautions.
Affected Version(s)
Cognos TM1 10.1
Cognos TM1 10.1.1
Cognos TM1 10.2.0.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved