CVE-2015-7435

Published: Jan 2, 2016Modified: May 6, 2026

2.5

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.0 / Impact: 1.4

Source: NVD

Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.

Affected (8)

Products: Ibm: Tivoli Common Reporting

Ibm

1 product

Tivoli Common Reporting

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Common Reporting	Version 2.1.1.2
Ibm Tivoli Common Reporting	Version 2.1.1
Ibm Tivoli Common Reporting	Version 2.1
Ibm Tivoli Common Reporting	Version 3.1.0.1
Ibm Tivoli Common Reporting	Version 3.1.0.2
Ibm Tivoli Common Reporting	Version 3.1.2.1
Ibm Tivoli Common Reporting	Version 3.1.2
Ibm Tivoli Common Reporting	Version 3.1

Related CWEs

CWE-254

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21972799

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21972799

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.