PT-2016-4157 · Ibm · Ibm Cognos Business Intelligence
Mohit Rawat
+1
·
Publicado
2016-07-03
·
Atualizado
2017-09-01
·
CVE-2016-0346
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Business Intelligence versions 10.1.1 before IF19
IBM Cognos Business Intelligence versions 10.2 before IF20
IBM Cognos Business Intelligence versions 10.2.1 before IF17
IBM Cognos Business Intelligence versions 10.2.1.1 before IF16
IBM Cognos Business Intelligence versions 10.2.2 before IF12
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can lead to the execution of malicious code on the user's browser.
Recommendations
For IBM Cognos Business Intelligence version 10.1.1, update to IF19 or later.
For IBM Cognos Business Intelligence version 10.2, update to IF20 or later.
For IBM Cognos Business Intelligence version 10.2.1, update to IF17 or later.
For IBM Cognos Business Intelligence version 10.2.1.1, update to IF16 or later.
For IBM Cognos Business Intelligence version 10.2.2, update to IF12 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Cognos Business Intelligence