CVE-2016-0254 - XXE vulnerability in IBM Cognos Business Intelligence
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg22004036
- http://www.securityfocus.com/bid/98971
- https://exchange.xforce.ibmcloud.com/vulnerabilities/110563