This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates.
CVE(s): CVE-2019-4139
Affected product(s) and affected version(s):
IBM Cognos Analytics 11.1.1
IBM Cognos Analytics 11.1.0
IBM Cognos Analytics 11.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883872
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158335
The post IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ibm.co/2WlhWKS
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.