CVE-2016-0217
N/A
N/A
Summary
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM Corporation | Cognos Business Intelligence | 10 | affected |
| IBM Corporation | Cognos Business Intelligence | 8.3.0 | affected |
| IBM Corporation | Cognos Business Intelligence | 8.4.1 | affected |
| IBM Corporation | Cognos Business Intelligence | 8.4 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.1 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.1.1 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.2 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.2.1 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.2.1.1 | affected |
| IBM Corporation | Cognos Business Intelligence | 10.2.2 | affected |
| IBM Corporation | Cognos Business Intelligence | 2 | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.