Vulnerability Name: CVE-2014-6145 (CCN-96915)
Assigned: 2014-12-09
Published: 2014-12-09
Updated: 2017-09-08
Summary: Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): Low
    User Interaction (UI): Required
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None

CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
  3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

  3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
  3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting

References:
  Source: MITRE
  Type: CNA
  CVE-2014-6145

  Source: CCN
  Type: IBM Security Bulletin 1692267
  IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).

  Source: CONFIRM
  Type: Vendor Advisory
  http://www-01.ibm.com/support/docview.wss?uid=swg21692267

  Source: CCN
  Type: IBM Security Bulletin 1695800
  Tivoli Common Reporting iFixes for CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119,CVE-2014-0878,CVE-2014-0460

  Source: XF
  Type: UNKNOWN
  ibm-cognos-cve20146145-xss(96915)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*

  Configuration CCN 1:
    cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
    AND cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*

ibm cognos business intelligence 10.1
ibm cognos business intelligence 10.1.1
ibm cognos business intelligence 10.2
ibm cognos business intelligence 10.2.1
ibm cognos business intelligence 10.2.1.1
ibm cognos business intelligence 10.1
ibm cognos business intelligence 10.1.1
ibm cognos business intelligence 10.2
ibm cognos business intelligence 10.2.1
ibm cognos business intelligence 10.2.2
ibm tivoli common reporting 2.1
ibm tivoli common reporting 2.1.1
ibm tivoli common reporting 3.1
ibm tivoli common reporting 3.1.0.1
ibm tivoli common reporting 3.1.0.2