IBM Support

'Cross-Site Request Forgery' during vulnerability scan

Troubleshooting


Problem

Customer is checking for security vulnerabilities via the IBM AppScan tool. The report identifies a 'Cross-Site Request Forgery' problem.

Symptom

AppScan report:
Cross-Site Request Forgery
Severity: Medium
CVSS Score: 6.4
Entity: cognos.cgi (Page)
Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Causes: Insufficient authentication method was used by the application
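The finding above is the scanner's generic CSRF signature: a request to cognos.cgi that the application appears to authenticate on the session cookie alone. Before treating it as confirmed, a practitioner checks two things: that the request actually changes state, and that nothing in it is an unpredictable, session-bound value the attacker's page could not supply. The example below is added here to illustrate that check; it is not code from the IBM page, from Cognos Controller, or from AppScan. The session store, the handler names (handle_cookie_only, handle_with_token) and the sample requests are all constructed, and the synchronizer-token scheme is a generic mitigation, not IBM's documented resolution.

```python
# Added example (not from the IBM page or Cognos Controller code): a minimal
# synchronizer-token CSRF check used to triage a scanner finding such as the
# AppScan report above. It shows why a request that relies only on the session
# cookie for authentication is forgeable, and how binding a per-session secret
# to the request defeats the forgery. All names and sample requests are
# constructed for illustration.
import hashlib
import hmac
import secrets

# Server-side session store: session id -> user and per-session CSRF secret.
# (Constructed; a real server keeps this in its session backend.)
SESSIONS = {}


def new_session(user):
    """Create a session with a CSRF secret that is never sent to other origins."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_secret": secrets.token_bytes(32)}
    return sid


def issue_csrf_token(sid, action):
    """Token the server embeds in its own form: HMAC(session secret, action)."""
    secret = SESSIONS[sid]["csrf_secret"]
    return hmac.new(secret, action.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request):
    """Vulnerable handler: authenticates on the session cookie alone.
    The browser attaches that cookie to a request initiated by any site, so a
    forged cross-site POST is indistinguishable from a legitimate one."""
    sid = request["cookies"].get("sid")
    if sid not in SESSIONS:
        return 401, "not logged in"
    return 200, f"{SESSIONS[sid]['user']}: {request['form']['action']} done"


def handle_with_token(request):
    """Hardened handler: additionally requires a valid token in the body.
    The attacker's page cannot read the victim's secret (same-origin policy),
    so it cannot compute the token."""
    sid = request["cookies"].get("sid")
    if sid not in SESSIONS:
        return 401, "not logged in"
    action = request["form"].get("action", "")
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(sid, action)
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(supplied, expected):
        return 403, "CSRF token missing or invalid"
    return 200, f"{SESSIONS[sid]['user']}: {action} done"


def forged_request(victim_sid):
    """Constructed cross-site POST: the attacker controls the body, the browser
    supplies the victim's cookie, and no token is available to the attacker."""
    return {"cookies": {"sid": victim_sid}, "form": {"action": "transfer"}}


def legitimate_request(sid):
    """Constructed same-origin POST from the server's own form, carrying the token."""
    return {"cookies": {"sid": sid},
            "form": {"action": "transfer",
                     "csrf_token": issue_csrf_token(sid, "transfer")}}


def demo():
    """Run the forged and legitimate requests against both handlers."""
    sid = new_session("alice")
    return {
        "vulnerable_forged": handle_cookie_only(forged_request(sid))[0],
        "hardened_forged": handle_with_token(forged_request(sid))[0],
        "hardened_legit": handle_with_token(legitimate_request(sid))[0],
    }


if __name__ == "__main__":
    print(demo())
```

The cookie-only handler accepts the forged request (200) while the token-checking handler rejects it (403) and still accepts the genuine form submission. When triaging the scanner output, the equivalent manual check is to replay the flagged request with only the session cookie and all other request-specific values stripped or altered: if the server still performs the action, the finding stands. A SameSite attribute on the session cookie reduces exposure but is a browser-dependent defence in depth, not a substitute for a session-bound token.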

Applies to:
Product: IBM Cognos Controller; Component: Controller; Platform: Windows; Version: 10.2.1; Line of Business: Data Platform
Product: IBM Cognos Controller on Cloud; Line of Business: Data Platform


Document Information

Modified date: 08 May 2025
UID: swg21964589