CVE-2014-0854

Name of the Vulnerable Software and Affected Versions IBM Cognos Business Intelligence (BI) version 8.4.1 IBM Cognos Business Intelligence (BI) versions 10.1 through 10.1 before IF6 IBM Cognos Business Intelligence (BI) versions 10.1.1 through 10.1.1 before IF5 IBM Cognos Business Intelligence (BI) versions 10.2 through 10.2 before IF7 IBM Cognos Business Intelligence (BI) versions 10.2.1 through 10.2.1 before IF4 IBM Cognos Business Intelligence (BI) versions 10.2.1.1 through 10.2.1.1 before IF4

Description The issue allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For version 8.4.1, update to a version that includes the fix for this issue. For versions 10.1 through 10.1 before IF6, apply IF6 or a later fix. For versions 10.1.1 through 10.1.1 before IF5, apply IF5 or a later fix. For versions 10.2 through 10.2 before IF7, apply IF7 or a later fix. For versions 10.2.1 through 10.2.1 before IF4, apply IF4 or a later fix. For versions 10.2.1.1 through 10.2.1.1 before IF4, apply IF4 or a later fix.