CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-4836

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.9%

CVSS Severity

CVSS v2 Score 3.5

References

http://www-01.ibm.com/support/docview.wss?uid=swg21626697
http://www-01.ibm.com/support/docview.wss?uid=swg24034373
https://exchange.xforce.ibmcloud.com/vulnerabilities/78918
http://www-01.ibm.com/support/docview.wss?uid=swg21626697
http://www-01.ibm.com/support/docview.wss?uid=swg24034373
https://exchange.xforce.ibmcloud.com/vulnerabilities/78918

Products affected by CVE-2012-4836

Ibm » Cognos Business Intelligence » Version: 10.1

cpe:2.3:a:ibm:cognos_business_intelligence:10.1
Ibm » Cognos Business Intelligence » Version: 10.1.1

cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1
Ibm » Cognos Business Intelligence » Version: 10.2

cpe:2.3:a:ibm:cognos_business_intelligence:10.2
Ibm » Cognos Business Intelligence » Version: 8.4.1

cpe:2.3:a:ibm:cognos_business_intelligence:8.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4836

Products

Pricing

Contact Us