Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4034: XML External Entity (XXE) Injection in IBM Cognos Business Intelligence

CWE-264 | 4 documents | 4 sources
Severity: 4.0 MEDIUM (NVD)
EPSS: 8.7% (top 7.49%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Nov 18
Latest update: May 17

Description

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-5mpf-9249-jgx6: IBM Cognos Business Intelligence 8 (2022-05-17)
CVEList
CVE-2013-4034: IBM Cognos Business Intelligence 8 (2013-11-16)

💥 Exploits & PoCs (1)

Exploit-DB
IBM Cognos Business Intelligence - XML External Entity Information Disclosure (2013-10-11)