CVE-2013-6732 - OpenCVE

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cognos Business Intelligence

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cognos_business_intelligence:8.4.1:::::::*
	cpe:2.3:a:ibm:cognos_business_intelligence:10.1:::::::*
	cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1:::::::*
	cpe:2.3:a:ibm:cognos_business_intelligence:10.2:::::::*
	cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:::::::*
	cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21662856
https://exchange.xforce.ibmcloud.com/vulnerabilities/89394

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-02-22T21:00:00

Updated: 2024-08-06T17:46:22.832Z

Reserved: 2013-11-08T00:00:00

Link: CVE-2013-6732

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-22T21:55:04.657

Modified: 2017-08-29T01:34:00.373

Link: CVE-2013-6732

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-cognos-cve20136732-xss(89394)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-cognos-cve20136732-xss(89394)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:46:22.832Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-cognos-cve20136732-xss(89394)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6732", "datePublished": "2014-02-22T21:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.832Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B76A06D-761D-4CFE-A9E6-FC5A1F726CF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "519B7097-7E46-4520-B9F9-A85E13A0F9CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B00BAD84-4BB6-41ED-835E-86AB150716D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6588FEE1-5A6F-4ED6-998A-B8CF54954F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDA8132D-A09E-4D4C-9A5D-D708010CCFFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CCBB0AE-ECD1-4192-B1BB-18439A4CF7B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el servidor en Cognos Business Intelligence (BI) de IBM versi\u00f3n 8.4.1, versi\u00f3n 10.1 anterior a IF6, versi\u00f3n 10.1.1 anterior a IF5, versi\u00f3n 10.2 anterior a IF7, versi\u00f3n 10.2.1 anterior a IF4 y versi\u00f3n 10.2.1.1 anterior a IF4, permita a los atacantes remotos inyectar script web o HTML arbitrario por medio de un par\u00e1metro no especificado."}], "id": "CVE-2013-6732", "lastModified": "2017-08-29T01:34:00.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-22T21:55:04.657", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}