The IBM TRIRIGA Application is vulnerable to privilege escalation vulnerability.
CVEID: CVE-2017-1153 DESCRIPTION: IBM TRIRIGA Report Manager contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122349> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
The following IBM TRIRIGA Platform versions are affected.
ยท IBM TRIRIGA Application Platform 3.5.0 - 3.5.2.
ยท IBM TRIRIGA Application Platform 3.4.0 - 3.4.2.5.
ยท IBM TRIRIGA Application Platform 3.3.0 - 3.3.2.5.
Product
| VRMF| APAR| Remediation/First Fix
โ|โ|โ|โ
IBM TRIRIGA Application Platform| 3.5.2.1|
|
The fix is available in IBM TRIRIGA Application Platform 3.5.2.1 which is available for download on IBM Fix Central.
IBM TRIRIGA Application Platform| 3.4.2.6|
|
The application fix pack is available through IBM TRIRIGA Customer support as a Limited Available Fix Pack. A request can be made through the IBM Support Portal.
IBM TRIRIGA Application Platform| 3.3.2.6|
|
The application fix pack is available through IBM TRIRIGA Customer support as a Limited Available Fix Pack. A request can be made through the IBM Support Portal.
Until you apply the fixes, it may be possible to reduce the risk of a successful attack by restricting access to internal networks, and not allowing external/Internet access to the application.