CVE-2017-1486

Name of the Vulnerable Software and Affected Versions: IBM Cognos Business Intelligence versions 10.2 through 10.2.2

Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Recommendations: For IBM Cognos Business Intelligence versions 10.2 through 10.2.2, consider disabling JavaScript execution in the Web UI as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.