CVE-2015-7436

{"id": "CVE-2015-7436", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.0}]}, "published": "2016-01-02T21:59:12.970", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership."}, {"lang": "es", "value": "IBM Tivoli Common Reporting (TCR) 2.1 en versiones anteriores a IF14, 2.1.1 en versiones anteriores a IF22, 2.1.1.2 en versiones anteriores a IF9, 3.1.0.0 hasta la versi\u00f3n 3.1.2 como se utiliza en Cognos Business Intelligence en versiones anteriores a 10.2 IF16 y 3.1.2.1 como se utiliza en Cognos Business Intelligence en versiones anteriores a 10.2.1.1 IF12 conserva permisos de usuario en las operaciones a\u00f1adir-grupo y eleminar-grupo, lo que permite a usuarios locales eludir las restricciones destinadas al acceso en circunstancias oportunistas aprovechando cambios administrativos a miembros del grupo."}], "lastModified": "2016-01-08T01:40:15.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56C076E-A4FB-432F-A7CB-0C37CDEC94C0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "393AB012-4F9C-4893-827E-4480AEC16DE5"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A792593C-B2D4-425D-9EC4-3581A77474B5"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1B8DFB-2004-4449-A4A7-802662D571EB"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1938833-B19E-4DF2-8E2C-E2ADE876D44B"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DBE91DF-8844-4ADB-AC02-839305F82B0F"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED14B09-F9FF-4DB4-9404-0D3A2BAC7FDD"}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D680D54-EE53-4658-98E1-64F316D23177"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}