VIR Vulnerability Intelligence Relay

CVE-2014-0861

low
Published 2014-02-22 · Modified 2026-04-29
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21662856

Application impact
VendorProductVersionsFixed
ibmcognos_business_intelligence8.4.1
ibmcognos_business_intelligence10.1
ibmcognos_business_intelligence10.1.1
ibmcognos_business_intelligence10.2
ibmcognos_business_intelligence10.2.1
ibmcognos_business_intelligence10.2.1.1

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.