IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote…
ibm·CWE-91·Published 2019-11-09
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
IBM Cognos Analytics versiones 11.0 y 11.1, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o causar que el servidor web realice peticiones HTTP a dominios arbitrarios. ID de IBM X-Force: 147369.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 8.3 | — | — | CVSS:3.0/S:U/AV:N/AC:L/C:H/A:L/I:H/UI:N/PR:L/RC:C/E:U/RL:O |
| 3.0 | Primary | cve.org | 8.3 | — | — | CVSS:3.0/S:U/AV:N/AC:L/C:H/A:L/I:H/UI:N/PR:L/RC:C/E:U/RL:O |
| 3.0 | Secondary | NVD | 8.3 | 2.8 | 5.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |