Lucene search

[email protected]CVE-2012-0696

HistoryJan 13, 2012 - 4:14 a.m.

CVE-2012-0696

2012-01-1304:14:39

CWE-79

[email protected]

web.nvd.nist.gov

ibm

cognos

tm1

xss

vulnerabilities

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.

Affected configurations

NVD

Node

ibmcognos_executive_viewer

ibmcognos_tm1Range≤9.4.1.3

ibmcognos_tm1Match9.4.0

ibmcognos_tm1Match9.4.1

CPENameOperatorVersion
ibm:cognos_executive_vieweribm cognos executive viewereq*
ibm:cognos_tm1ibm cognos tm1le9.4.1.3
ibm:cognos_tm1ibm cognos tm1eq9.4.0
ibm:cognos_tm1ibm cognos tm1eq9.4.1

CPE	Name	Operator	Version
ibm:cognos_executive_viewer	ibm cognos executive viewer	eq	*
ibm:cognos_tm1	ibm cognos tm1	le	9.4.1.3
ibm:cognos_tm1	ibm cognos tm1	eq	9.4.0
ibm:cognos_tm1	ibm cognos tm1	eq	9.4.1

References

secunia.com/advisories/47487

securitytracker.com/id?1026491

www-01.ibm.com/support/docview.wss?uid=swg1PM26682

www.osvdb.org/78216

www.osvdb.org/78217

www.securityfocus.com/bid/51326

exchange.xforce.ibmcloud.com/vulnerabilities/72198

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2012-0696

cvelist2 nvd2 prion2 cve1