Vulnerabilities > IBM > Cognos Business Intelligence > 10.2.1

DATE CVE VULNERABILITY TITLE RISK
2014-02-22 CVE-2013-6732 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network
ibm CWE-79
4.3
4.3
2013-11-18 CVE-2013-4034 Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-264
4.0
4.0
2013-11-18 CVE-2013-3030 Improper Input Validation vulnerability in IBM Cognos Business Intelligence
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.
network
low complexity
ibm CWE-20
5.0
5.0
2013-08-27 CVE-2013-2988 Path Traversal vulnerability in IBM Cognos Business Intelligence
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.
network
high complexity
ibm CWE-22
2.6
2.6
2013-08-27 CVE-2013-2978 Path Traversal vulnerability in IBM Cognos Business Intelligence
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.
network
high complexity
ibm CWE-22
2.1
2.1
2013-08-27 CVE-2013-0586 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5