Security: IBM TRIRIGA Application Platform vulnerabilities & fixes


For convenience, here are some recent CVE IDs and their related APARs.

| CVE ID | Summary | APAR |
| --- | --- | --- |
| CVE-2016-0300 | The IBM TRIRIGA Application Platform has a security flaw that could grant unauthenticated access into all JSP pages within the application structure under certain circumstances with the right criteria, which may allow for subsequent probing and exploitation. | |
| CVE-2016-0312 | The IBM TRIRIGA Application Platform has a security flaw that grants unauthenticated access to Document Manager in IBM TRIRIGA Application Platform in versions prior to 3.3.2 only. Anyone running on IBM TRIRIGA Application Platform 3.3.2 or higher is not impacted by this vulnerability. | |
| CVE-2016-0342 | The IBM TRIRIGA Application Platform grants the ability to read or modify a report that the user does not have privileges for. | IV82437 |
| CVE-2016-0343 | IBM TRIRIGA could allow an authenticated user to obtain sensitive information displayed in error messages. | IV82433 |
| CVE-2016-0344 | The IBM TRIRIGA Application Platform is vulnerable to a cross-site scripting (XSS) attack within My Reports. | IV82435 |
| CVE-2016-0345 | The IBM TRIRIGA Application Platform no longer discloses server file path information when BIRT reports are rendered. | IV82438 |
| CVE-2016-0346 | Unauthenticated requests can be made to a vulnerable web application, which then performs unauthorized action on behalf of the attacker. | IV82436 |

[Admin: To see other related posts, use the Vulnerability tag.]
