IBM Cognos Analytics Multiple CVEs Advisory (XSS/Info Disclosure)

Critical Vulnerability Information CVEID: CVE-2016-4483 - Description: libxml2 is vulnerable to a denial of service. - CVSS Base Score: 4.3 CVEID: CVE-2016-2073 - Description: libxml2 is vulnerable to a heap-based buffer overflow. - CVSS Base Score: 6.3 CVEID: CVE-2016-3705 - Description: libxml2 is vulnerable to a stack-based buffer overflow. - CVSS Base Score: 6.3 CVEID: CVE-2016-4447 - Description: libxml2 is vulnerable to a denial of service caused by a heap-based buffer overflow. - CVSS Base Score: 4.3 CVEID: CVE-2016-4448 - Description: libxml2 could allow a remote attacker to execute arbitrary code on the system. - CVSS Base Score: 7.3 CVEID: CVE-2016-4449 - Description: libxml2 could allow a remote attacker to obtain sensitive information. - CVSS Base Score: 7.5 CVEID: CVE-2015-8806 - Description: libxml2 is vulnerable to a denial of service caused by a heap-buffer overread. - CVSS Base Score: 4.3 CVEID: CVE-2016-5986 - Description: IBM WebSphere Application Server and Liberty could allow a remote attacker to obtain sensitive information. - CVSS Base Score: 3.7 CVEID: CVE-2016-0359 - Description: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. - CVSS Base Score: 6.1 CVEID: CVE-2016-2018 - Description: IBM Cognos TM1 is vulnerable to cross-site scripting. - CVSS Base Score: 5.4 CVEID: CVE-2016-0217 - Description: IBM Cognos Business Intelligence and Analytics are vulnerable to stored cross-site scripting. - CVSS Base Score: 5.4 Affected Products and Versions IBM Cognos Analytics Version 11.0.0.0 to 11.0.4.0 Remediation Recommendations It is recommended to apply version 11.0.5.0

Goal Reached Thanks to every supporter — we hit 100%!

IBM Cognos Analytics Multiple CVEs Advisory (XSS/Info Disclosure)