CVE-2012-6350
Published Jan 31, 2013
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80ADA066-2C79-4583-8141-0D7E089F8AB8",
"versionEndIncluding": "9.5.2"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:9.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CDFEB23-5AD7-45D8-A7A0-7CB58715FE42"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:9.4.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24623B22-951C-4BDD-91C1-F61D3E5BB41E"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:9.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FD88340-82E0-4BE9-BCC3-83C76C44C014"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:9.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADA74CE5-93B9-4427-8073-3B6AF7490D62"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_tm1:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEC88832-A0C1-47C2-BE4B-2F01ADB25208"
}
],
"operator": "OR"
}
]
}
]