Cross-Site Scripting Vulnerability in IBM Cognos TM1
CVE-2016-3038

5.4MEDIUM

Key Information:

Vendor: IBM Corporation
Status: Cognos TM1
Vendor: CVE Published:; 17 April 2017

Summary

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code into the Web User Interface. This could compromise the intended functionality of the application and potentially allow an attacker to disclose sensitive credentials during a trusted session. Users accessing these vulnerable versions are advised to take precautions.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21999649

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97915

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2017
Vulnerability Reserved
Mar 9, 2016