CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
IBM TRIRIGA Application Platform is vulnerable to an exploit that can allow an attacker to bypass security restrictions.
CVEID: CVE-2017-5656
DESCRIPTION: Apache CXF could allow a remote attacker to bypass security restrictions, caused by a flaw in the STSClient. By sending a specially-crafted token, an attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125216 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
The following IBM TRIRIGA Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.0 - 3.5.2.3.
· IBM TRIRIGA Application Platform 3.4.0 - 3.4.2.5.
· IBM TRIRIGA Application Platform 3.3.0 - 3.3.2.5.
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM TRIRIGA Application Platform | 3.5.3.0 | | The fix is available in IBM TRIRIGA Application Platform 3.5.3 which is available for download on Passport Advantage.
IBM TRIRIGA Application Platform | 3.4.2.6 | | The application fix pack is available through IBM TRIRIGA Customer support as a Limited Available Fix Pack. A request can be made through the IBM Support Portal.
IBM TRIRIGA Application Platform | 3.3.2.6 | | The application fix pack is available through IBM TRIRIGA Customer support as a Limited Available Fix Pack. A request can be made through the IBM Support Portal.
Until you apply the fixes, it may be possible to reduce the risk of a successful attack by restricting access to internal networks, and not allowing external/Internet access to the application.