IBM Cognos Business Intelligence CVE-2012-4836 Unspecified HTML Injection Vulnerability
BID:58272
Info
| Bugtraq ID: | 58272 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-4836 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2013 12:00AM |
| Updated: | Feb 27 2013 12:00AM |
| Credit: | Reported by the vendor. |
| Vulnerable: | IBM Cognos Business Intelligence 10.1.1, IBM Cognos Business Intelligence 8.4.1, IBM Cognos Business Intelligence 10.2, IBM Cognos Business Intelligence 10.1 |
| Not Vulnerable: | |
Discussion
IBM Cognos Business Intelligence is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, and launch other attacks.
IBM Cognos Business Intelligence 10.1, 10.1.1, 10.2, and 8.4.1 are vulnerable.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.