CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-7436
https://notcve.org/view.php?id=CVE-2015-7436
02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. IBM Tivoli Common Reporting (TCR) 2.1 en ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-7435
https://notcve.org/view.php?id=CVE-2015-7435
02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. IBM Tivoli Common Reporting (TCR) 2.1 en versiones anteriores a IF14, 2.1.1 en versiones anteriores a IF22, 2.1.1.2 en versiones anterio... • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-254: 7PK - Security Features •
CVSS: 10.0EPSS: 93%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1969
https://notcve.org/view.php?id=CVE-2015-1969
04 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Tivoli Common Reporting (TCR) 2.1 en versiones anteriores a IF13 y 2.1.1 en versiones anteriores a IF21 y TCR 3.1.x como se utiliza en Cognos Business Intelligence en versiones ante... • http://www-01.ibm.com/support/docview.wss?uid=swg21967384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-0732
https://notcve.org/view.php?id=CVE-2011-0732
01 Feb 2011 — Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs." Múltiples vulnerabilidades en IBM Tivoli Integrated Portal (TIP) v1.1.1.1, tal como se utiliza en IBM Tivoli Common Reporting (TCR) v1.2.0 anterior a Interim Fix 9, tiene un impacto desconoci... • http://secunia.com/advisories/43030 •