Home

CVE-2017-1427

Description

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.285

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.2Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.3Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.5Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.6Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234