Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7435

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.

Published

2016-01-02T21:59:11.580

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 2.5 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.4

Impact Score

2.9

Weaknesses

Type: Primary
CWE-254

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	tivoli_common_reporting	2.1	Yes
Application	ibm	tivoli_common_reporting	2.1.1	Yes
Application	ibm	tivoli_common_reporting	2.1.1.2	Yes
Application	ibm	tivoli_common_reporting	3.1	Yes
Application	ibm	tivoli_common_reporting	3.1.0.1	Yes
Application	ibm	tivoli_common_reporting	3.1.0.2	Yes
Application	ibm	tivoli_common_reporting	3.1.2	Yes
Application	ibm	tivoli_common_reporting	3.1.2.1	Yes

References

http://www-01.ibm.com/support/docview.wss?uid=swg21972799 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21972799 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)