PT-2015-5522 · Ibm · Ibm Cognos Business Intelligence+1
Published
2015-10-04
·
Updated
2016-12-07
·
CVE-2015-1969
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Common Reporting versions 2.1 before IF13
IBM Tivoli Common Reporting versions 2.1.1 before IF21
IBM Tivoli Common Reporting versions 3.1.x
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can be achieved by manipulating the URL in a way that injects malicious code, potentially leading to unauthorized actions on the affected system.
Recommendations
For IBM Tivoli Common Reporting versions 2.1 before IF13, apply IF13 or a later fix.
For IBM Tivoli Common Reporting versions 2.1.1 before IF21, apply IF21 or a later fix.
For IBM Tivoli Common Reporting versions 3.1.x, update to a version that is not affected by this issue, such as Cognos Business Intelligence 10.2 IF0015 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Business Intelligence
Ibm Tivoli Common Reporting