Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities in Apache HttpComponents and HttpCommons
Summary: There are multiple vulnerabilities in Apache HttpComponents and HttpCommons libraries which affect WebSphere Application Server. This has been addressed. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected...
GHSA-XH2P-7P87-FHGH Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...
Security Bulletin: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2014-0224
Summary: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2014-0224. Vulnerability Details: Security Vulnerability and Exposure CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2017Q3 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary: Fixes of Cognos Business Intelligence are provided as part of TCR fixes. This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Versi...
Security Bulletin: A security vulnerability has been identified in Websphere Application Server shipped with Tivoli Common Reporting (CVE-2016-0306)
Summary: Embedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Common Reporting (TCR). Information about a security vulnerability affecting Embedded Websphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the WAS security...
Security Bulletin: A security vulnerability identified in IBM WebSphere Application Server affecting IBM Tivoli Storage Manager FastBack Reporting (CVE-2015-2017)
Summary: IBM Tivoli Storage Manager FastBack Reporting requires the dependent product IBM WebSphere Application Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Consult the security bullet...
Security Bulletin: Vulnerabilities in BIRT-viewer embedded in IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2014-6149)
Summary: There are vulnerabilities in BIRT-viewer embedded in TADDM that cannot be fixed, so there is a need to disable BIRT-viewer in TADDM. For secure use of BIRT reports in TADDM there is a need to use Tivoli Common Reporting (TCR) where TADDM BIRT reports can be migrated. Vulnerability Details: C...
CVE-2015-7436
CVE-2015-7436 affects IBM Tivoli Common Reporting (TCR) as used in Cognos Business Intelligence; the vulnerability arises from adding/removing users to/from an external (namespace) group in TCR, which may preserve user permissions across group membership changes and allow a local attacker with ad...
CVE-2015-1969
CVE-2015-1969 is an XSS vulnerability in IBM Tivoli Common Reporting (TCR) used by Cognos BI. A remote authenticated user could inject script via a crafted URL due to improper validation. Affected products/versions include Tivoli Common Reporting 2.1 (before IF13), 2.1.1 (before IF21), and 3.1.x ...
CVE-2011-0732
Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal...
CVE-2011-0732
Technical details for CVE-2011-0732 are not publicly available in the provided documents. Monitor for updates from official advisories; current sources reiterate unknown impact and bundled WebSphere issues without specific vulnerability vectors or fixes.