Low severity2.5NVD Advisory· Published Jan 2, 2016· Updated May 6, 2026

CVE-2015-7436

Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.

Affected products

IBM/Tivoli Common Reporting8 versions
cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.163
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000