VYPR
Low severity2.5NVD Advisory· Published Jan 2, 2016· Updated Jun 17, 2026

CVE-2015-7436

CVE-2015-7436

Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
    • (no CPE)range: 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0-3.1.2 before 10.2 IF16, 3.1.2.1 before 10.2.1.1 IF12
  • Range: before 10.2 IF16, before 10.2.1.1 IF12

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.