Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0696

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0696
Last Modified 09 Feb 2012 12:00:00
Published 12 Jan 2012 11:14:39
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0696

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.

Vulnerable Systems

Application

  • Ibm Cognos Executive Viewer

  • Ibm Cognos Tm1 9.4.0

  • Ibm Cognos Tm1 9.4.1

  • Ibm Cognos Tm1 9.4.1.3


References

XF - cevtm1-aspnetclient-createcontrol-xss(72198)

BID - 51326

OSVDB - 78217

OSVDB - 78216

AIXAPAR - PM26682

SECTRACK - 1026491

SECUNIA - 47487


Last Updated: 27 May 2016 10:57:20