IBM Cognos Business Intelligence CVE-2012-2177 Unspecified Cross Site Scripting Vulnerability
BID:58269
Info
| Bugtraq ID: | 58269 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2177 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2013 12:00AM |
| Updated: | Feb 27 2013 12:00AM |
| Credit: | Reported by the vendor. |
| Vulnerable: | IBM Cognos Business Intelligence 10.1.1; IBM Cognos Business Intelligence 8.4.1; IBM Cognos Business Intelligence 10.2; IBM Cognos Business Intelligence 10.1 |
| Not Vulnerable: | |
Discussion
IBM Cognos Business Intelligence is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM Cognos Business Intelligence 10.1, 10.1.1, 10.2, and 8.4.1 are vulnerable.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user into visiting a specially crafted URL.