NotCVE - vendor:"Ibm" product:"Tivoli Common Reporting" version:"3.1.2.1"

3 results (0.002 seconds)

CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-7435

https://notcve.org/view.php?id=CVE-2015-7435

02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. IBM Tivoli Common Reporting (TCR) 2.1 en versiones anteriores a IF14, 2.1.1 en versiones anteriores a IF22, 2.1.1.2 en versiones anterio... • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-254: 7PK - Security Features •

CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-7436

https://notcve.org/view.php?id=CVE-2015-7436

02 Jan 2016 — IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. IBM Tivoli Common Reporting (TCR) 2.1 en ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21972799 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 94%CPEs: 21EXPL: 2

CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.

https://notcve.org/view.php?id=CVE-2015-7450

02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •