CVE-2021-38903

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.1.7 through 11.2.0

Description The issue is caused by improper validation of user-supplied input, allowing a remote attacker to inject malicious script into a Web page. This script would be executed in a victim's Web browser within the security context of the hosting Web site once the URL is clicked. An attacker could use this to steal the victim's cookie-based authentication credentials.

Recommendations For versions 11.1.7 through 11.2.0, update to a version that fixes the cross-site scripting vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.