CVE-2015-7435 Information

Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14 2.1.1 before IF22 2.1.1.2 before IF9 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16 and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21972799

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

2.5