China National Vulnerability Database (CNVD): CNVD-2023-68782
History: Jul 27, 2023 - 12:00 a.m.

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2023-68782)

www.cnvd.org.cn
Tags: ibm, cognos analytics, cross-site scripting, vulnerability, svg, validation, browser, authentication credentials

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.9 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 23.6%

IBM Cognos Analytics is a business intelligence suite from International Business Machines (IBM). It includes reports, dashboards, and scorecards, and helps companies adjust their decisions by analyzing key factors and key people. IBM Cognos Analytics has a cross-site scripting vulnerability caused by improper validation of SVG files in custom visualizations. An attacker could exploit it to execute scripts in the victim’s browser and steal their authentication credentials.
