CVE-2013-4034

Name of the Vulnerable Software and Affected Versions IBM Cognos Business Intelligence versions 8.4.1 through 8.4.1 before IF3 IBM Cognos Business Intelligence versions 10.1.0 through 10.1.0 before IF4 IBM Cognos Business Intelligence versions 10.1.1 through 10.1.1 before IF4 IBM Cognos Business Intelligence versions 10.2.0 through 10.2.0 before IF4 IBM Cognos Business Intelligence versions 10.2.1 through 10.2.1 before IF2 IBM Cognos Business Intelligence versions 10.2.1.1 through 10.2.1.1 before IF1

Description The issue allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM Cognos Business Intelligence version 8.4.1, apply IF3 or later to resolve the issue. For IBM Cognos Business Intelligence versions 10.1.0 and 10.1.1, apply IF4 or later to resolve the issue. For IBM Cognos Business Intelligence version 10.2.0, apply IF4 or later to resolve the issue. For IBM Cognos Business Intelligence version 10.2.1, apply IF2 or later to resolve the issue. For IBM Cognos Business Intelligence version 10.2.1.1, apply IF1 or later to resolve the issue.