CVE-2013-4034

EUVD-2013-3965
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
ibmcognos_business_intelligence
8.4.1
ibmcognos_business_intelligence
10.1
ibmcognos_business_intelligence
10.1.1
ibmcognos_business_intelligence
10.2
ibmcognos_business_intelligence
10.2.1
ibmcognos_business_intelligence
10.2.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21652590
https://exchange.xforce.ibmcloud.com/vulnerabilities/86137
http://www-01.ibm.com/support/docview.wss?uid=swg21652590
https://exchange.xforce.ibmcloud.com/vulnerabilities/86137