IBM Cognos Business Intelligence 10.1/10.2 XML Data XML External Entity

wpiseditHistoryDiffjsonxmlCTI

W IBM Cognos Business Intelligence 10.1/10.2 (Business Process Management Software) została stwierdzona podatność. Podatnością dotknięta jest nieznana funkcja w komponencie XML Data Handler. Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

Pole2019-10-14 11:372020-12-26 10:522020-12-26 10:54
typeBusiness Process Management SoftwareBusiness Process Management SoftwareBusiness Process Management Software
vendorIBMIBMIBM
nameCognos Business IntelligenceCognos Business IntelligenceCognos Business Intelligence
version10.1/10.210.1/10.210.1/10.2
componentXML Data HandlerXML Data HandlerXML Data Handler
cwe611 (XML External Entity)611 (XML External Entity)611 (XML External Entity)
risk111
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore4.04.04.0
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auSSS
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auSSS
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiCCC
cvss3_meta_basescore5.45.45.4
cvss3_meta_tempscore5.45.45.4
cvss3_vuldb_basescore4.34.34.3
cvss3_vuldb_tempscore4.34.34.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1496793600 (2017-06-07)1496793600 (2017-06-07)1496793600 (2017-06-07)
urlhttp://www.ibm.com/support/docview.wss?uid=swg22004036http://www.ibm.com/support/docview.wss?uid=swg22004036http://www.ibm.com/support/docview.wss?uid=swg22004036
price_0day$0-$5k$5k-$25k$5k-$25k
price_trend+++
cveCVE-2016-0254CVE-2016-0254CVE-2016-0254
cve_assigned144953280014495328001449532800
cve_nvd_published149679360014967936001496793600
cve_nvd_summaryIBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.
securityfocus989719897198971
securityfocus_titleIBM Cognos Business Intelligence Server XML External Entity Denial of Service VulnerabilityIBM Cognos Business Intelligence Server XML External Entity Denial of Service VulnerabilityIBM Cognos Business Intelligence Server XML External Entity Denial of Service Vulnerability
qualys_id371523371523371523
qualys_titleIBM Cognos Business Intelligence Server Multiple Vulnerabilities (swg22004036)IBM Cognos Business Intelligence Server Multiple Vulnerabilities (swg22004036)IBM Cognos Business Intelligence Server Multiple Vulnerabilities (swg22004036)
seealso92811 92879 93546 95679 95680 95681 95683 95684 95685 95686 95687 95689 95690 95691 95692 95693 102055 10205792811 92879 93546 95679 95680 95681 95683 95684 95685 95686 95687 95689 95690 95691 95692 95693 102055 10205792811 92879 93546 95679 95680 95681 95683 95684 95685 95686 95687 95689 95690 95691 95692 95693 102055 102057
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcCCC
0day_days666
cvss3_nvd_basescore6.56.56.5
discoverydate149627520014962752001496275200
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22004036http://www.ibm.com/support/docview.wss?uid=swg22004036http://www.ibm.com/support/docview.wss?uid=swg22004036
securityfocus_date1496275200 (2017-06-01)1496275200 (2017-06-01)1496275200 (2017-06-01)
securityfocus_classInput Validation ErrorInput Validation ErrorInput Validation Error
xforce110563110563
cvss2_nvd_basescore6.86.8
person_nameJakub Palaczynski

Do you want to use VulDB in your project?

Use the official API to access entries easily!