A specific usage scenario of IBM Cognos Disclosure Management could allow an Excel Macro execution on the client machine.
CVEID: CVE-2016-6077**
DESCRIPTION:** IBM Cognos Disclosure Management could allow a remote attacker to insert a specially crafted Macro inside an exported CSV file.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117536> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
Cognos Disclosure Management 10.2.0 - 10.2.6
Cognos Disclosure Management 10.2.5 Interim Fix 7
Cognos Disclosure Management 10.2.6 Interim Fix 5
Users of Cognos Disclosure Management 10.2.4 and previous are advised to contact Customer Support.
None