CVE-2014-6145

EUVD-2014-6031
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ibmcognos_business_intelligence
10.1
ibmcognos_business_intelligence
10.1.1
ibmcognos_business_intelligence
10.2
ibmcognos_business_intelligence
10.2.1
ibmcognos_business_intelligence
10.2.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21692267
https://exchange.xforce.ibmcloud.com/vulnerabilities/96915
http://www-01.ibm.com/support/docview.wss?uid=swg21692267
https://exchange.xforce.ibmcloud.com/vulnerabilities/96915