7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
There is a security vulnerability whereby a remote attacker could bypass security restrictions in Apache Xalan-Java within IBM Cognos Incentive Compensation Management 8.x and 7.x.
CVE IDs: CVE-2014-0107
**DESCRIPTION:**Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM Cognos Incentive Compensation Management 8.x and 7.x
The recommended solution is to download and install the following applicable fix packs available via fix central.
These fix packs are available via Fix Central.
None known. Apply fix pack.