Bypassing Authorization and Privilege Escalation in BIRT Viewer of IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x

Bypassing Authorization and Privilege Escalation in BIRT Viewer of IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x

CVE-2013-2974 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.

Learn more about our Cis Benchmark Audit For Ibm I.