Cross site scripting

2017-04-0518:59:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.

CPENameOperatorVersion
cognos_analyticseq11.0.3
cognos_analyticseq11.0.0
cognos_analyticseq11.0.2
cognos_analyticseq11.0.4
cognos_analyticseq11.0.1

Name	Operator	Version
cognos_analytics	eq	11.0.3
cognos_analytics	eq	11.0.0
cognos_analytics	eq	11.0.2
cognos_analytics	eq	11.0.4
cognos_analytics	eq	11.0.1

References

www.ibm.com/support/docview.wss?uid=swg21998887

www.securityfocus.com/bid/97279