Cross-Site Scripting Flaw in IBM Tivoli Common Reporting Products
CVE-2015-1969

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Common Reporting
Vendor: CVE Published:; 4 October 2015

What is CVE-2015-1969?

A cross-site scripting (XSS) vulnerability exists in various versions of IBM Tivoli Common Reporting. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML into affected systems via a specially crafted URL. This can potentially lead to session hijacking, data theft, or other malicious actions, posing a risk to the integrity and security of applications reliant on this reporting tool. Users of these affected products should take immediate action to patch their systems.

References

http://www.securityfocus.com/bid/76472

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1034050

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21967384

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015