CVE-2019-4653

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.0 through 11.1

Description The issue is related to cross-site scripting, which allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This could enable a remote attacker to perform a cross-site scripting attack by not taking measures to protect the web page structure.

Recommendations For versions 11.0 and 11.1, consider disabling JavaScript execution in the Web UI as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.