IBM Cognos TM1 Executive Viewer Unspecified Cross Site Scripting Vulnerability
BID:51905
Info
| Bugtraq ID: | 51905 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1046 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Feb 14 2012 12:40PM |
| Credit: | IBM |
| Vulnerable: | IBM Cognos TM1 Executive Viewer 9.5.2 |
| Not Vulnerable: | IBM Cognos TM1 Executive Viewer 10.1 |
Discussion
IBM Cognos TM1 Executive Viewer is prone to a cross-site scripting vulnerability because it fails to properly sanitize unspecified user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.
Cognos TM1 Executive Viewer 9.5.2 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for details.
References
References: