IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
BID:51326
Info
IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 51326 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 09 2012 12:00AM |
| Updated: | Jan 09 2012 12:00AM |
| Credit: | IBM |
| Vulnerable: |
IBM Cognos TM1 Executive Viewer 9.4 |
| Not Vulnerable: |
IBM Cognos TM1 Executive Viewer 9.5 Fix Pack 1 |
Discussion
IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
IBM Cognos TM1 Executive Viewer is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
IBM Cognos TM1 Executive Viewer 9.4 is vulnerable; other versions may also be affected.
IBM Cognos TM1 Executive Viewer is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
IBM Cognos TM1 Executive Viewer 9.4 is vulnerable; other versions may also be affected.
Exploit / POC
IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities
References:
References: