CVE-2013-4034 | Vulnerability Database | Aqua Security

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected Software

Name	Vendor	Start Version	End Version
Cognos_business_intelligence	Ibm	8.4.1 (including)	8.4.1 (including)
Cognos_business_intelligence	Ibm	10.1 (including)	10.1 (including)
Cognos_business_intelligence	Ibm	10.1.1 (including)	10.1.1 (including)
Cognos_business_intelligence	Ibm	10.2 (including)	10.2 (including)
Cognos_business_intelligence	Ibm	10.2.1 (including)	10.2.1 (including)
Cognos_business_intelligence	Ibm	10.2.1.1 (including)	10.2.1.1 (including)

References

http://www-01.ibm.com/support/docview.wss?uid=swg21652590
https://exchange.xforce.ibmcloud.com/vulnerabilities/86137

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4034
CWE	https://cwe.mitre.org/data/definitions/264.html