CVE-2013-2974

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
ibmtivoli_application_dependency_discovery_manager
7.2.1.1
ibmtivoli_application_dependency_discovery_manager
7.2.1.2
ibmtivoli_application_dependency_discovery_manager
7.2.1.3
ibmtivoli_application_dependency_discovery_manager
7.2.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21662955
https://exchange.xforce.ibmcloud.com/vulnerabilities/83877
http://www.ibm.com/support/docview.wss?uid=swg21662955
https://exchange.xforce.ibmcloud.com/vulnerabilities/83877