Vulnerability Details CVE-2016-8960
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2016-8960
-
cpe:2.3:a:ibm:cognos_business_intelligence:10.2
-
cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1
-
cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1
-
cpe:2.3:a:ibm:cognos_business_intelligence:10.2.2