PT-2016-3776 · IBM · IBM Tivoli Common Reporting
Published 2016-01-02 · Updated 2016-01-08 · CVE-2015-7436
CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Common Reporting (TCR) version 2.1 before IF14
IBM Tivoli Common Reporting (TCR) version 2.1.1 before IF22
IBM Tivoli Common Reporting (TCR) version 2.1.1.2 before IF9
IBM Tivoli Common Reporting (TCR) versions 3.1.0.0 through 3.1.2
IBM Tivoli Common Reporting (TCR) version 3.1.2.1
Description
The issue allows local users to bypass intended access restrictions by leveraging administrative changes to group membership, as user permissions are preserved across group-add and group-remove operations.
Recommendations
For IBM Tivoli Common Reporting (TCR) version 2.1 before IF14, apply IF14 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 2.1.1 before IF22, apply IF22 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 2.1.1.2 before IF9, apply IF9 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) versions 3.1.0.0 through 3.1.2, update to a version after 3.1.2 to resolve the issue.
For IBM Tivoli Common Reporting (TCR) version 3.1.2.1, update to a version after 3.1.2.1 to resolve the issue.
Affected Products
IBM Tivoli Common Reporting