CVE-2015-1969

Name of the Vulnerable Software and Affected Versions IBM Tivoli Common Reporting versions 2.1 before IF13 IBM Tivoli Common Reporting versions 2.1.1 before IF21 IBM Tivoli Common Reporting versions 3.1.x

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can be achieved by manipulating the URL in a way that injects malicious code, potentially leading to unauthorized actions on the affected system.

Recommendations For IBM Tivoli Common Reporting versions 2.1 before IF13, apply IF13 or a later fix. For IBM Tivoli Common Reporting versions 2.1.1 before IF21, apply IF21 or a later fix. For IBM Tivoli Common Reporting versions 3.1.x, update to a version that is not affected by this issue, such as Cognos Business Intelligence 10.2 IF0015 or later.