IBM TRIRIGA is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE(s): CVE-2016-0387
Affected product(s) and affected version(s):
The following IBM TRIRIGA Application Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.
· IBM TRIRIGA Application Platform 3.4.
· IBM TRIRIGA Application Platform 3.3.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1TPZPWC
X-Force Database: http://ift.tt/1TJLmGy
from IBM Product Security Incident Response Team http://ift.tt/1TPZ2Fk
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.