CVE-2015-1969
Summary
| CVE | CVE-2015-1969 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-04 02:59:02 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Tivoli Common Reporting | 2.1.0.0 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 2.1.1.0 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.0.0 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.0.1 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.0.2 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Tivoli Common Reporting Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2014-0230, CVE-2015-4000, CVE-2015-1969, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-2625, CVE-2015-4748, CVE-2015-4749) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Patch, Vendor Advisory |
| IBM Cognos Business Intelligence Server CVE-2015-1969 Unspecified Cross Site Scripting Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.