Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7436

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.

Published

2016-01-02T21:59:12.970

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 2.5 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.4

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	tivoli_common_reporting	2.1	Yes
Application	ibm	tivoli_common_reporting	2.1.1	Yes
Application	ibm	tivoli_common_reporting	2.1.1.2	Yes
Application	ibm	tivoli_common_reporting	3.1	Yes
Application	ibm	tivoli_common_reporting	3.1.0.1	Yes
Application	ibm	tivoli_common_reporting	3.1.0.2	Yes
Application	ibm	tivoli_common_reporting	3.1.2	Yes
Application	ibm	tivoli_common_reporting	3.1.2.1	Yes

References

http://www-01.ibm.com/support/docview.wss?uid=swg21972799 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21972799 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)