CVE-2015-7436

LOW Year: 2015
CVSS v3 Score
2.5
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-264
View all →

Vulnerability Description

IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.

Related Vulnerabilities

CVE-2016-5979

LOW
CVSS:2.7(Low)

IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the ...

CWE-2642016

CVE-2017-18455

LOW
CVSS:2.7(Low)

In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).

CWE-2642017

CVE-2016-3888

LOW
CVSS:2.1(Low)

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to byp...

CWE-2642016

CVE-2016-4534

LOW
CVSS:3.0(Low)

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and ...

CWE-2642016

CVE-2013-6446

LOW
CVSS:3.1(Low)

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information...

CWE-2642013

CVE-2015-7455

LOW
CVSS:3.1(Low)

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modific...

CWE-2642015