13 matches found
EUVD-2013-2913
Malware in sbrugna...
PT-2021-20526
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 4.8.0 and earlier. Description: An issue exists where an attacker can use query parameters to create a remotely accessible JSP file in the current BIRT viewer directory. This allows the injection of JSP code into the...
Code injection
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the report parameter of the BIRT viewer servlet...
CVE-2015-5071
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the report parameter of the BIRT viewer servlet...
CVE-2015-5071
CVE-2015-5071 affects BMC Remedy AR System: AR System Mid Tier prior to 9.0 SP1 in AR Reporting can allow remote authenticated users to navigate to arbitrary files via the __report parameter of the BIRT Viewer servlet. The vulnerability has been confirmed in BMC Remedy AR 8.1 and 9.0 (per errata)...
Security Bulletin: Vulnerabilities in BIRT-viewer embedded in IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2014-6149)
Summary: There are vulnerabilities in BIRT-viewer embedded in TADDM that cannot be fixed, so there is a need to disable BIRT-viewer in TADDM. For secure use of BIRT reports in TADDM there is a need to use Tivoli Common Reporting (TCR), where TADDM BIRT reports can be migrated. Vulnerability Details: C...
Security Bulletin: TADDM - BIRT viewer allow bypass authorization
Summary: TADDM fails to properly check for authorization when allowing a user to view BIRT reports. It is possible to bypass authorization in the application via parameter manipulation in the BIRT reporting URL. Vulnerability Details: CVE-2013-2974 BIRT viewer allow bypass authorization Descriptio...
Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself. This is NOT the case, but...
CVE-2014-6149
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2014-6149
CVE-2014-6149 relates to a directory traversal in the BIRT-viewer component embedded in IBM Tivoli Application Dependency Discovery Manager (TADDM). Affected TADDM versions: 7.2.0.0–7.2.0.10, 7.2.1.0–7.2.1.6, and 7.2.2.0–7.2.2.2. The underlying issue allows a remote authenticated user to read arb...
CVE-2014-6149
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2013-2974
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted...
Authorization
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted...