Description
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- ibm / controller11.0.0 – 11.0.0
- ibm / controller11.0.1 – 11.0.1
- ibm / controller11.1.0 – 11.1.0
- ibm / controller11.1.0 – 11.1.0