Vulnerabilities > CVE-2015-7435 - 7PK - Security Features vulnerability in IBM Tivoli Common Reporting

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

ibm

CWE-254

NVD

Published: 2016-01-02

Updated: 2016-01-08

Summary

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Common Reporting 2.1 IBM Tivoli Common Reporting 2.1.1 IBM Tivoli Common Reporting 2.1.1.2 IBM Tivoli Common Reporting 3.1 IBM Tivoli Common Reporting 3.1.0.1 IBM Tivoli Common Reporting 3.1.0.2 IBM Tivoli Common Reporting 3.1.2 IBM Tivoli Common Reporting 3.1.2.1	8

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://www-01.ibm.com/support/docview.wss?uid=swg21972799