3 matches found
Security Bulletin: IBM Cognos TM1 is affected by security vulnerability CVE-2014-0877
Summary The link generated when opening the Rights page for an application can be opened anywhere, without the need to log in. Vulnerability Details CVE-ID: CVE-2014-0877 CVSS Base Score: 4 CVSS Temporal Score: See for the current score CVSS Environmental Score: Undefined CVSS Vector:...
CVE-2014-0877
IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link...
CVE-2014-0877
CVE-2014-0877 affects IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2 before IF1. The IBM bulletin describes an access control bypass: a link generated from the Rights page can be opened without logging in, effectively bypassing intended restrictions. The vulnerability is documented with remediatio...