CVE-2013-2974

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.

Published: Jan 29, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-2974
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / tivoli_application_dependency_discovery_manager	7.2.1.2	7.2.1.2.x
ibm / tivoli_application_dependency_discovery_manager	7.2.1.3	7.2.1.3.x
ibm / tivoli_application_dependency_discovery_manager	7.2.1.1	7.2.1.1.x
ibm / tivoli_application_dependency_discovery_manager	7.2.1.4	7.2.1.4.x

http://www.ibm.com/support/docview.wss?uid=swg21662955
https://exchange.xforce.ibmcloud.com/vulnerabilities/83877

Vulnerability Database

289,697

CVE-2013-2974