
Security Bulletin: TADDM - BIRT viewer allows authorization bypass

Published: 2018-06-17 14:33:52
Source: www.ibm.com

EPSS: 0.002
Percentile: 55.6%

Summary

TADDM fails to properly check authorization when allowing a user to view BIRT reports. It is possible to bypass authorization in the application via parameter manipulation in the BIRT reporting URL.

Vulnerability Details

CVE-2013-2974: BIRT viewer allows authorization bypass
Description
It is possible to bypass authorization in the application via parameter manipulation in the BIRT reporting URL. This allows any authenticated user (the CVSS vector below requires a single authentication) to obtain report administration functionality, and so to create or delete reports or to exploit other vulnerabilities, such as SQL injection, that exist in the BIRT viewer.
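The bug class described above is an authorization decision driven by a client-controlled URL parameter instead of by the server-side session. The following is an added illustration, not TADDM or BIRT code: the endpoint path `/birt/report`, the parameter names `report`, `action` and `mode`, the role names and the session store are all assumptions made for the example. The vulnerable dispatcher unlocks administrative actions whenever the URL says `mode=admin`; the hardened one ignores any privilege claim in the URL and derives the role only from the authenticated session.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed server-side session store for the example (hypothetical):
# session cookie -> authenticated principal and its role.
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "viewer"},
    "sess-bob": {"user": "bob", "role": "report_admin"},
}

VIEW_ACTIONS = {"view"}
ADMIN_ACTIONS = {"create", "delete"}


def _params(url):
    """Return the first value of each query parameter in the report URL."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def vulnerable_dispatch(session_id, url):
    """Vulnerable pattern (hypothetical): the 'mode' query parameter, which the
    client fully controls, is what gates the administrative actions."""
    if session_id not in SESSIONS:
        return (401, "not authenticated")
    q = _params(url)
    action = q.get("action", "view")
    mode = q.get("mode", "viewer")
    if action in ADMIN_ACTIONS and mode != "admin":
        return (403, "admin mode required")
    if action not in VIEW_ACTIONS | ADMIN_ACTIONS:
        return (400, "unknown action")
    # Any caller who appends &mode=admin reaches this point with an admin action.
    return (200, f"{action} report {q.get('report', '')}")


def hardened_dispatch(session_id, url):
    """Hardened pattern: the role comes from the server-side session only;
    whatever 'mode' the URL carries is never consulted."""
    session = SESSIONS.get(session_id)
    if session is None:
        return (401, "not authenticated")
    q = _params(url)
    action = q.get("action", "view")
    if action not in VIEW_ACTIONS | ADMIN_ACTIONS:
        return (400, "unknown action")
    if action in ADMIN_ACTIONS and session["role"] != "report_admin":
        # Deny and keep the identity for the audit trail.
        return (403, f"{session['user']} may not {action} reports")
    return (200, f"{action} report {q.get('report', '')}")


if __name__ == "__main__":
    # A viewer tampering with the URL to claim administrative mode.
    tampered = "https://taddm.example/birt/report?report=hosts&action=delete&mode=admin"
    print("vulnerable:", vulnerable_dispatch("sess-alice", tampered))  # 200: bypass
    print("hardened:  ", hardened_dispatch("sess-alice", tampered))    # 403: denied
    print("admin:     ", hardened_dispatch("sess-bob", tampered))      # 200: legitimate
```

The point of the comparison is that the fix is not to validate the `mode` value more strictly but to stop reading privilege from the request at all; once the role is looked up server-side, the same URL yields a 403 for the viewer and a 200 for the administrator.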

CVSS Base Score: 6.5
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/83877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/AU:S/C:P/I:P/A:P)

Affected Products and Versions

TADDM 7.2.1.0 through 7.2.1.4 (fix included in TADDM 7.2.1.5 and TADDM 7.2.2.0)

Remediation/Fixes

Apply the latest fix pack, 7.2.1.5, or upgrade to 7.2.2.0.
If you are unable to upgrade, please contact IBM Technical Support.

Workarounds and Mitigations

None

