Access Control Bypass in IBM Cognos TM1 by IBM
CVE-2014-0877

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 5 September 2014

Summary

IBM Cognos TM1 versions 10.2.0.2 prior to IF1 and 10.2.2.0 prior to IF1 are susceptible to a vulnerability that allows remote attackers to bypass access restrictions. By navigating to the Rights page and exploiting a crafted link, an adversary can gain unauthorized access to sensitive information, compromising the security of the affected installation. Organizations running these versions should evaluate their systems immediately and apply the necessary patches.

Timeline

  • Vulnerability published

  • Vulnerability Reserved