Vulnerability Details : CVE-2015-7435
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.
Products affected by CVE-2015-7435
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7435
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7435
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
3.4
|
2.9
|
NIST | |
2.5
|
LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
1.0
|
1.4
|
NIST |
CWE ids for CVE-2015-7435
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7435
-
http://www-01.ibm.com/support/docview.wss?uid=swg21972799
IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872)Vendor Advisory
Jump to