IV82437: Privilege escalation in the TRIRIGA application


A user is able to view or modify resources, and perform functions, for which they have not been authorized, at various points in the application. Here’s one example of many throughout the application:

  • URL: xxx/html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134176&showAddToBookmark=true&tririgasecuritytoken=hKIDzi5SpjthHSgSSuzYJPN

Steps to replicate:

  1. Log in to the application.
  2. Navigate to My Reports.
  3. Click on the symbol for “Run Report” for any existing report.
  4. Intercept the request using a proxy tool and change the value for the reportTemplId parameter to 134186.

Again, this is just one of many spots where this issue can be seen in the application.

A privilege escalation on running reports has been mitigated.
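The underlying defect is a missing object-level authorization check on reportTemplId: the server trusts the id in the request instead of confirming that the logged-in user is entitled to that template. The Python below is added here and is not IBM's or TRIRIGA's code; it contrasts the trusting lookup with one that enforces the entitlement check, and adds a log check that surfaces the template ids a user was refused once the fix is in place. The TEMPLATES table, user names and access-log format are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample data, not TRIRIGA's real schema: which users may run
# each report template. 134176 is the id from the page; 134186 the swapped one.
TEMPLATES = {134176: {"alice", "bob"}, 134186: {"carol"}}

class AuthorizationError(PermissionError):
    pass

def view_report_vulnerable(user, report_templ_id):
    """Pattern the advisory describes: the id from the request is trusted, so
    any logged-in user renders any template just by changing the parameter."""
    return TEMPLATES[report_templ_id]

def view_report_fixed(user, report_templ_id):
    """Object-level check: resolve the template, then confirm the authenticated
    user may run it before rendering. Unknown and forbidden ids raise the same
    error so responses do not reveal which ids exist."""
    allowed = TEMPLATES.get(report_templ_id)
    if allowed is None or user not in allowed:
        raise AuthorizationError("not authorized for report template")
    return report_templ_id

# Detection side: once the check is in place, 403s on viewReport.jsp are the
# signal that a session is walking reportTemplId values. Log format is constructed.
LOG_LINE = re.compile(r'^(?P<user>\S+) "GET (?P<url>\S+)" (?P<status>\d{3})$')

def denied_template_ids(lines):
    """Map each user to the reportTemplId values they were refused."""
    denied = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m.group("status") != "403":
            continue
        url = urlsplit(m.group("url"))
        if not url.path.endswith("/reportTemplate/viewReport.jsp"):
            continue
        for tid in parse_qs(url.query).get("reportTemplId", []):
            denied.setdefault(m.group("user"), []).append(int(tid))
    return denied

SAMPLE_LOG = [  # constructed access-log lines
    'bob "GET /html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134176" 200',
    'bob "GET /html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134186" 403',
    'bob "GET /html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134187" 403',
    'alice "GET /html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134176" 200',
]
```

Running `denied_template_ids(SAMPLE_LOG)` yields `{"bob": [134186, 134187]}`, the kind of per-user pattern worth alerting on after the fix is deployed.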
