PT-2014-3899 · Ibm · Ibm Cognos Business Intelligence
Publicado
2014-02-22
·
Atualizado
2014-03-06
·
CVE-2014-0861
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Business Intelligence (BI) versions 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4
Description
A cross-site scripting (XSS) issue exists due to improper handling of an unspecified parameter during use of the Back button, allowing remote attackers to inject arbitrary web script or HTML.
Recommendations
For version 8.4.1, update to a version that includes the fix for this issue.
For version 10.1, apply IF6 or later to resolve the issue.
For version 10.1.1, apply IF5 or later to resolve the issue.
For version 10.2, apply IF7 or later to resolve the issue.
For version 10.2.1, apply IF4 or later to resolve the issue.
For version 10.2.1.1, apply IF4 or later to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Cognos Business Intelligence