Vulnerability in Ibm Cognos_tm1

CVE-2014-0877

IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link.

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_tm1 — versions 10.2.0.2, 10.2.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
ibm-cognos-cve20140877-sec-bypass(91064) (vdb-entry, x_refsource_XF)