How do you limit or filter the space class current results in CI?

I created a child classification in the Space Class Current classification. In TRIRIGA, I am able to filter the selection to just this child classification via the filter in Report Manager. However, for my CAD Integrator users, it seems to be pulling the entire Space Class Current classification. Is it possible to limit that list in CAD Integrator?

Okay, I figured it out. In CAD Mapping, there is a Report Filter that is referencing a query called “triSpaceClassCurrent – CI – Available Space Class”. In this query, I added filters to filter down the list.

[Admin: To see other related posts, use the CAD tag or Integrator tag.]

IV96845: Ability to bypass security and use unauthorized functions

Testers found that they had the ability to add reports to the My Reports page in TRIRIGA, even though the links for New, Copy, Delete, Copy as Community Report, and Share Report were not present for the read-only users.

Moving forward, a privilege escalation issue in Report Manager has been resolved.

[Admin: To see other related posts, use the Vulnerability tag or CVE tag.]

IV95184: Report Manager “Where Used” fails with single quote mark

If you add a single quote to a query name and click “Where Used”, it causes errors. I suspect this is due to the SQL generated, as it would require an extra single quote to pass the string correctly. If you add another single quote, to ‘escape’ the character, it will work correctly. This is an amendment to the SQL query that is generated when clicking “Where Used”. Additional logic is required where it searches for a single quote and then if it finds one, it adds it to the SQL generated.

We needed to update the SQL call to allow for a single quote in the parameter. Moving forward, the issue is resolved where the “Where Used” tab throws an exception if the report has a single quote (‘) in the name.
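The failure described in this APAR, reproduced as an added example (not IBM's code or the TRIRIGA schema): a lookup built by string concatenation breaks on a name containing a single quote, while doubling the quote or binding the name as a parameter both work. The `where_used` table, its rows, and all function names are hypothetical, and SQLite stands in for the real database.

```python
import sqlite3

def make_db():
    # Constructed sample data: which objects use which query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE where_used (query_name TEXT, used_by TEXT)")
    db.executemany("INSERT INTO where_used VALUES (?, ?)", [
        ("Manager's Open Tasks", "Home Portal"),
        ("Space Audit", "Space Form"),
    ])
    return db

def where_used_concat(db, name):
    # Defective pattern: the name is pasted into the SQL text, so a
    # single quote in it terminates the string literal early.
    sql = "SELECT used_by FROM where_used WHERE query_name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def where_used_doubled(db, name):
    # The workaround from the report: double each single quote.
    escaped = name.replace("'", "''")
    sql = "SELECT used_by FROM where_used WHERE query_name = '" + escaped + "'"
    return [row[0] for row in db.execute(sql)]

def where_used_bound(db, name):
    # Bound parameter: the name never becomes part of the SQL text,
    # so no escaping logic is needed at all.
    sql = "SELECT used_by FROM where_used WHERE query_name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def concat_raises(db, name):
    # True when the concatenated statement fails to parse.
    try:
        where_used_concat(db, name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    name = "Manager's Open Tasks"
    print("concatenated query fails:", concat_raises(db, name))
    print("doubled quote:", where_used_doubled(db, name))
    print("bound parameter:", where_used_bound(db, name))
```

Quote doubling only covers the one character it searches for; binding the value keeps user-supplied names out of the statement text entirely, which is why it is the usual choice where the database driver supports it.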

IV94169: BOs not in alphabetical order in a system report

When creating a system report, the order of BOs listed within a module is not always alphabetical. This can be seen in at least two different areas:

  • (1) On the General tab, when you add a business object.
  • (2) On the Advanced tab, when you add an association filter.

Security: IBM TRIRIGA Application Platform vulnerabilities & fixes

[Updated 03.29.17]

For convenience, here are some recent CVE IDs.

  • CVE-2016-9737: The IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
  • CVE-2017-1153: The IBM TRIRIGA Report Manager contains a vulnerability that could allow authenticated users to execute actions to which they do not have access.
  • CVE-2017-1171: The IBM TRIRIGA Application Platform contains a vulnerability that could allow authenticated users to execute application actions to which they do not have access.
  • CVE-2017-1180: The IBM TRIRIGA Document Manager contains a vulnerability that could allow authenticated users to execute actions to which they do not have access.

[Admin: This post is related to the 05.17.16 post and the 04.04.16 post about vulnerabilities and fixes. To see other related posts, use the Vulnerability tag.]

Are there any known limitations when creating a pie chart?

Are there any known limitations with pie charts in the TRIRIGA Report Manager?

We created a chart, but the available data meant it should show 100% for a single status value. However, the report just says “No data to display”. Expanding the filter to bring in more records meant that we had multiple status values to display and the chart displayed correctly. Is there a limitation on a pie chart so that if the result set is 100% in one grouping, it doesn’t display anything?

This is a known issue covered in APAR IV95291. You can subscribe to the APAR for updates on the fix.

IV93762: Privilege escalation vulnerability in Report Manager

The IBM TRIRIGA application is vulnerable to a privilege escalation vulnerability. Specifically, IBM TRIRIGA Report Manager contains a vulnerability that could allow an authenticated user to execute actions to which they should not have access.
