CVE-2015-7436 Information

Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14 2.1.1 before IF22 2.1.1.2 before IF9 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16 and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21972799

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

2.5