IV96795: User without access can add security via Admin Console


A user who has limited access to people records (such as an External Vendor Admin), and who should not have access to add/delete licenses and security groups, is able to add licenses and security groups to an external vendor by running a command in the TRIRIGA Admin Console.

Moving forward, a client-side vulnerability that could allow a user to escalate their privilege, has been resolved.

[Admin: To see other related posts, use the Vulnerability tag or CVE tag.]

Continue reading

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s