Vulnerability in Ibm Cognos_business_intelligence

CVE-2014-0854

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document contai…

EPSS: 0.002 (44.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_business_intelligence — versions 8.4.1, 10.1, 10.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

ibm-cognos-cve20140854-xxe(90794) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)