PT-2017-9899 · IBM · IBM Cognos Business Intelligence

Mayank Somani · Published 2017-03-27 · Updated 2017-03-29 · CVE-2016-8960

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Cognos Business Intelligence version 10.2

Description: The issue allows a user with lower privileges to acquire the capabilities of a higher-privileged user. This is achieved by intercepting the higher-privileged user's cookie value from that user's HTTP request and then reusing it in subsequent requests.

Recommendations: For IBM Cognos Business Intelligence version 10.2, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and strengthen cookie handling and session management practices to prevent unauthorized reuse of cookie values.
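Two defensive checks that follow from the recommendation above, as an added example (not code from the advisory or from IBM): an audit of the hardening attributes on a Set-Cookie header, and a detector that flags a session cookie presented from a client fingerprint different from the one it was first seen with. The log format, the cookie name SESSIONID and the token values are constructed for the example.

```python
"""Session-cookie reuse detection and Set-Cookie attribute audit."""
import re

# Constructed sample access log (hypothetical format, not Cognos output):
# <client_ip> <user_agent_tag> <cookie_name>=<value> <request_path>
SAMPLE_LOG = """\
10.0.0.5 ua-a1 SESSIONID=TOKEN-ADMIN-001 /cognos/admin
10.0.0.5 ua-a1 SESSIONID=TOKEN-ADMIN-001 /cognos/reports
10.0.0.9 ua-b7 SESSIONID=TOKEN-USER-002 /cognos/reports
10.0.0.9 ua-b7 SESSIONID=TOKEN-ADMIN-001 /cognos/admin
"""

LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ua>\S+) (?P<cookie>[^=\s]+)=(?P<value>\S+) (?P<path>\S+)$"
)

# Attributes a session cookie should carry so it is not exposed to
# interception or script access (the "cookie handling" the workaround refers to).
REQUIRED_ATTRS = ("Secure", "HttpOnly", "SameSite")


def audit_set_cookie(header_value):
    """Return the hardening attributes missing from a Set-Cookie header value.

    Attribute names are compared case-insensitively, as browsers do.
    """
    present = {p.strip().split("=", 1)[0].lower() for p in header_value.split(";")[1:]}
    return [a for a in REQUIRED_ATTRS if a.lower() not in present]


def find_cookie_reuse(log_text):
    """Return (cookie_value, issued_to, reused_by, path) for every request that
    presents a session cookie from a (ip, user_agent) fingerprint other than the
    one the cookie was first seen with. Malformed lines are skipped."""
    bound = {}   # cookie value -> fingerprint it is bound to
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        fp = (m["ip"], m["ua"])
        owner = bound.setdefault(m["value"], fp)
        if fp != owner:
            alerts.append((m["value"], owner, fp, m["path"]))
    return alerts


if __name__ == "__main__":
    print(audit_set_cookie("SESSIONID=abc; Path=/; HttpOnly"))
    for alert in find_cookie_reuse(SAMPLE_LOG):
        print("cookie reuse:", alert)
```

Binding on (ip, user agent) is a coarse heuristic that produces false positives behind proxies or mobile networks, so treat a hit as a trigger for session revocation and review rather than proof of compromise.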

Related Identifiers: CVE-2016-8960

Affected Products: IBM Cognos Business Intelligence