CVE-2015-7436
Summary
| CVE | CVE-2015-7436 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-01-02 21:59:12 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. |
Risk And Classification
Primary CVSS: v3.0 2.5 LOW from [email protected]
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Problem Types: CWE-264 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 2.5 | LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 2.0 | [email protected] | Primary | 1.9 | AV:L/AC:M/Au:N/C:N/I:P/A:N |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
HighPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
LowAvailability
NoneCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:L/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Tivoli Common Reporting | 2.1 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 2.1.1 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 2.1.1.2 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.0.1 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.0.2 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.2 | All | All | All |
| Application | Ibm | Tivoli Common Reporting | 3.1.2.1 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.