CVE-2014-0877

CWE-2643 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 50.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos TM1
Timeline
PublishedSep 5
Latest updateMay 17

Description

IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/cognos_tm110.2.0.2, 10.2.2.0+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qwfq-qc5v-32xx: IBM Cognos TM1 102022-05-17
CVEList
CVE-2014-0877: IBM Cognos TM1 102014-09-05