Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.