CVSS: 2.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-254: 7PK - Security Features

CVSS: 2.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 94% • CPEs: 21 • EXPL: 2

02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data

CVSS: 5.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

04 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21967384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')