IBM Cognos Business Intelligence CVE-2012-4840 XPath Injection Vulnerability
BID:58264
Info
| Bugtraq ID: | 58264 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-4840 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2013 12:00AM |
| Updated: | Feb 27 2013 12:00AM |
| Credit: | Reported by the vendor. |
| Vulnerable: | IBM Cognos Business Intelligence 10.1.1, IBM Cognos Business Intelligence 8.4.1, IBM Cognos Business Intelligence 10.2, IBM Cognos Business Intelligence 10.1 |
| Not Vulnerable: | |
Discussion
IBM Cognos Business Intelligence is prone to an XPath-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an XPath (XML Path Language) query.
Exploiting this issue could allow an attacker to access or modify data in an XML document.
IBM Cognos Business Intelligence 10.1, 10.1.1, 10.2, and 8.4.1 are vulnerable.
Exploit / POC
An attacker can exploit this issue through a browser.