{"api_version":"1","generated_at":"2026-04-24T21:11:17+00:00","cve":"CVE-2015-1969","urls":{"html":"https://cve.report/CVE-2015-1969","api":"https://cve.report/api/cve/CVE-2015-1969.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-1969","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-1969"},"summary":{"title":"CVE-2015-1969","description":"Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2015-10-04 02:59:00","updated_at":"2016-12-07 18:09:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/76472","name":"76472","refsource":"BID","tags":[],"title":"IBM Cognos Business Intelligence Server CVE-2015-1969 Unspecified Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21967384","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21967384","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2014-0230, CVE-2015-4000, CVE-2015-1969, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-2625, CVE-2015-4748, CVE-2015-4749) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1034050","name":"1034050","refsource":"SECTRACK","tags":[],"title":"IBM Tivoli Common Reporting Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-1969","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1969","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"2.1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"2.1.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"2.1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"2.1.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1969","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_common_reporting","cpe6":"3.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2015-1969","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"76472","refsource":"BID","url":"http://www.securityfocus.com/bid/76472"},{"name":"1034050","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034050"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21967384","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21967384"}]}},"nvd":{"publishedDate":"2015-10-04 02:59:00","lastModifiedDate":"2016-12-07 18:09:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:2.1.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"1969","Ordinal":"78868","Title":"CVE-2015-1969","CVE":"CVE-2015-1969","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"1969","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"1969","Ordinal":"2","NoteData":"2015-10-03","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"1969","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}