PT-2017-7599 · IBM · IBM Cognos Business Intelligence

Jakub Palaczynski · Published 2017-06-07 · Updated 2017-06-14 · CVE-2016-0254

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

IBM Cognos Business Intelligence versions 10.1 through 10.2

Description

The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, allowing a remote authenticated attacker to consume all available CPU resources and cause a denial of service.

Recommendations

For versions 10.1 and 10.2, consider restricting access to XML data processing until a fix is available. As a temporary workaround, limit the CPU resources available to the application to prevent complete consumption. Avoid using the XML processing feature in the affected versions until the issue is resolved.

Fix

DoS

XXE

Weakness Enumeration

Related Identifiers

CVE-2016-0254

Affected Products

IBM Cognos Business Intelligence