Oren Ofer

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Business Intelligence (BI) versions 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 **Description** A cross-site scripting (XSS) issue exists in the server, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For IBM Cognos Business Intelligence (BI) version 8.4.1, update to a version that includes the fix for this issue. For IBM Cognos Business Intelligence (BI) version 10.1, update to a version that includes the fix for this issue. For IBM Cognos Business Intelligence (BI) version 10.1.1, update to a version that includes the fix for this issue. For IBM Cognos Business Intelligence (BI) version 10.2, update to a version that includes the fix for this issue. For IBM Cognos Business Intelligence (BI) version 10.2.1, update to a version that includes the fix for this issue.