Access Control Bypass in IBM Tivoli Common Reporting and Cognos Business Intelligence
CVE-2015-7436

2.5 LOW

Key Information:

Vendor: IBM
CVE Published: 2 January 2016

Summary

In specific versions of IBM Tivoli Common Reporting and Cognos Business Intelligence, an access control bypass vulnerability exists due to the erroneous handling of user permissions during group-add and group-remove operations. This flaw permits local users to exploit administrative changes in group membership, potentially granting them unintended access to restricted resources. Proper security measures and timely updates are essential to mitigate risks associated with unauthorized access.

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
