IBM Corporation Cognos Business Intelligence vulnerabilities

4 known vulnerabilities affecting ibm_corporation/cognos_business_intelligence.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2016-8960 | HIGH | CVSS 8.8 | v10.2, v10.2.1, +3 more | 2017-03-27
CWE-264. IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
Sources: cvelistv5, nvd

CVE-2016-9985 | MEDIUM | CVSS 5.5 | v10, v10.1, +6 more | 2017-03-08
CWE-532. IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
Sources: cvelistv5, nvd

CVE-2016-0218 | MEDIUM | CVSS 5.4 | v10, v8.3.0, +9 more | 2017-02-01
CWE-79. IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked.
Sources: cvelistv5, nvd

CVE-2016-0217 | MEDIUM | CVSS 5.4 | v10, v8.3.0, +9 more | 2017-02-01
CWE-79. IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site
Sources: cvelistv5, nvd