PT-2016-3775 · IBM · Cognos Application Firewall, Tivoli Common Reporting

Published 2016-01-02 · Updated 2016-01-08 · CVE-2015-7435

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

IBM Tivoli Common Reporting (TCR) version 2.1 before IF14
IBM Tivoli Common Reporting (TCR) version 2.1.1 before IF22
IBM Tivoli Common Reporting (TCR) version 2.1.1.2 before IF9
IBM Tivoli Common Reporting (TCR) versions 3.1.0.0 through 3.1.2
IBM Tivoli Common Reporting (TCR) version 3.1.2.1

Description

The issue allows local users (CVSS vector AV:L) to bypass the Cognos Application Firewall (CAF) protection mechanism. The bypass is triggered by leading whitespace in the BackURL field, which the CAF validation does not account for.

Recommendations

For IBM Tivoli Common Reporting (TCR) version 2.1 before IF14, apply IF14 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 2.1.1 before IF22, apply IF22 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 2.1.1.2 before IF9, apply IF9 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) versions 3.1.0.0 through 3.1.2, update to a version after 3.1.2 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 3.1.2.1, update to a version after 3.1.2.1 to resolve the issue.
As a temporary workaround, consider restricting access to the BackURL field to minimize the risk of exploitation.


Related Identifiers

CVE-2015-7435

Affected Products

Cognos Application Firewall
Ibm Tivoli Common Reporting