IBM TRIRIGA is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE(s): CVE-2016-0386
Affected product(s) and affected version(s):
The following IBM TRIRIGA Application Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.
· IBM TRIRIGA Application Platform 3.4.
· IBM TRIRIGA Application Platform 3.3.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1TPZHGI
X-Force Database: http://ift.tt/1TJLNAD
from IBM Product Security Incident Response Team http://ift.tt/1TPZdQW
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.