CVE-2012-2193

2013-03-0504:56:47

CWE-79

[email protected]

web.nvd.nist.gov

cognos

xss

vulnerability

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ibmcognos_business_intelligenceMatch8.4.1

ibmcognos_business_intelligenceMatch10.1

ibmcognos_business_intelligenceMatch10.1.1

ibmcognos_business_intelligenceMatch10.2

CPENameOperatorVersion
ibm:cognos_business_intelligenceibm cognos business intelligenceeq8.4.1
ibm:cognos_business_intelligenceibm cognos business intelligenceeq10.1
ibm:cognos_business_intelligenceibm cognos business intelligenceeq10.1.1
ibm:cognos_business_intelligenceibm cognos business intelligenceeq10.2

CPE	Name	Operator	Version
ibm:cognos_business_intelligence	ibm cognos business intelligence	eq	8.4.1
ibm:cognos_business_intelligence	ibm cognos business intelligence	eq	10.1
ibm:cognos_business_intelligence	ibm cognos business intelligence	eq	10.1.1
ibm:cognos_business_intelligence	ibm cognos business intelligence	eq	10.2