Vijay Chaudhary

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics version 11.0 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM Cognos Analytics version 11.0, update to a version that includes the fix for the issue, as referenced in IBM Reference #: 1998887.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics version 11.0 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM Cognos Analytics version 11.0, consider disabling the Web UI functionality until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Business Intelligence versions 10.1.1 before IF19 IBM Cognos Business Intelligence versions 10.2 before IF20 IBM Cognos Business Intelligence versions 10.2.1 before IF17 IBM Cognos Business Intelligence versions 10.2.1.1 before IF16 IBM Cognos Business Intelligence versions 10.2.2 before IF12 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can lead to the execution of malicious code on the user's browser. **Recommendations** For IBM Cognos Business Intelligence version 10.1.1, update to IF19 or later. For IBM Cognos Business Intelligence version 10.2, update to IF20 or later. For IBM Cognos Business Intelligence version 10.2.1, update to IF17 or later. For IBM Cognos Business Intelligence version 10.2.1.1, update to IF16 or later. For IBM Cognos Business Intelligence version 10.2.2, update to IF12 or later.