PT-2014-3899 · Ibm · Ibm Cognos Business Intelligence
Published
2014-02-22
·
Updated
2014-03-06
·
CVE-2014-0861
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Business Intelligence (BI) versions 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4
Description
A cross-site scripting (XSS) issue exists due to improper handling of an unspecified parameter during use of the Back button, allowing remote attackers to inject arbitrary web script or HTML.
Recommendations
For version 8.4.1, update to a version that includes the fix for this issue.
For version 10.1, apply IF6 or later to resolve the issue.
For version 10.1.1, apply IF5 or later to resolve the issue.
For version 10.2, apply IF7 or later to resolve the issue.
For version 10.2.1, apply IF4 or later to resolve the issue.
For version 10.2.1.1, apply IF4 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Business Intelligence