PT-2014-7065 · IBM · IBM Cognos Business Intelligence
Published: 2014-12-12 · Updated: 2017-09-08 · CVE-2014-6145
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Business Intelligence versions 10.1 before IF10
IBM Cognos Business Intelligence versions 10.1.1 before IF9
IBM Cognos Business Intelligence versions 10.2 before IF11
IBM Cognos Business Intelligence versions 10.2.1 before IF8
IBM Cognos Business Intelligence versions 10.2.1.1 before IF7
Description
A cross-site scripting (XSS) vulnerability exists in the server that allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM Cognos Business Intelligence version 10.1 before IF10, apply the IF10 fix to resolve the issue.
For IBM Cognos Business Intelligence version 10.1.1 before IF9, apply the IF9 fix to resolve the issue.
For IBM Cognos Business Intelligence version 10.2 before IF11, apply the IF11 fix to resolve the issue.
For IBM Cognos Business Intelligence version 10.2.1 before IF8, apply the IF8 fix to resolve the issue.
For IBM Cognos Business Intelligence version 10.2.1.1 before IF7, apply the IF7 fix to resolve the issue.
Fix
XSS
Affected Products
IBM Cognos Business Intelligence