History: Aug 30, 2019 - 7:48 a.m.

Security Bulletin: IBM Cognos Disclosure Management could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document (CVE-2016-6077)

2019-08-30 07:48:35
www.ibm.com
EPSS: 0.001 (Low); Percentile: 23.2%

Summary

A specific usage scenario of IBM Cognos Disclosure Management could allow execution of an Excel macro on the client machine.

Vulnerability Details

CVEID: CVE-2016-6077
DESCRIPTION: IBM Cognos Disclosure Management could allow a remote attacker to insert a specially crafted Macro inside an exported CSV file.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117536> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
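
An added example, not IBM's fix or code from the bulletin: a pre-open check that flags and neutralizes cells in an exported CSV that a spreadsheet would evaluate rather than display. It assumes the crafted content takes the form of a formula-leading cell (`=`, `+`, `-`, `@`), which the bulletin does not spell out; the function names and sample rows are constructed.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell
# (assumed trigger set, following common CSV-injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_plain_number(cell: str) -> bool:
    """True for values such as -12.5 or +3, which are data, not formulas."""
    try:
        float(cell)
        return True
    except ValueError:
        return False


def is_risky(cell: str) -> bool:
    """True if a spreadsheet would evaluate the cell instead of showing it."""
    stripped = cell.lstrip(" ")
    return stripped.startswith(FORMULA_TRIGGERS) and not is_plain_number(stripped)


def neutralize(cell: str) -> str:
    """Prefix a risky cell with an apostrophe so it is treated as text."""
    return "'" + cell if is_risky(cell) else cell


def scan_and_clean(csv_text: str):
    """Return (findings, cleaned_csv); findings are (row, column, value)."""
    findings, out = [], io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_risky(cell):
                findings.append((r, c, cell))
        writer.writerow([neutralize(cell) for cell in row])
    return findings, out.getvalue()


# Constructed sample export; the formula cell is a harmless stand-in.
SAMPLE = (
    "Account,Amount,Comment\n"
    "Revenue,-1200.50,Q3 total\n"
    'Costs,300,"=SUM(B2:B3)"\n'
    "Notes,+15,@reviewer please check\n"
)

if __name__ == "__main__":
    found, cleaned = scan_and_clean(SAMPLE)
    for row, col, value in found:
        print(f"row {row} col {col}: {value!r}")
    print(cleaned)
```

Signed numeric values such as `-1200.50` pass through unchanged, so financial data in the export is not altered.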

Affected Products and Versions

Cognos Disclosure Management 10.2.0 - 10.2.6

Remediation/Fixes

Cognos Disclosure Management 10.2.5 Interim Fix 7
Cognos Disclosure Management 10.2.6 Interim Fix 5

Users of Cognos Disclosure Management 10.2.4 and previous are advised to contact Customer Support.

Workarounds and Mitigations

None
