CVE-2017-1373 : Security Advisory and Response

A security vulnerability in IBM TRIRIGA Application Platform versions 3.3, 3.4, and 3.5 allows authenticated users to execute unauthorized reports.

Understanding CVE-2017-1373

A security vulnerability in IBM TRIRIGA Application Platform versions 3.3, 3.4, and 3.5 allows authenticated users to execute unauthorized reports.

What is CVE-2017-1373?

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to.

The Impact of CVE-2017-1373

This vulnerability poses a risk as it enables an authenticated user to execute a report that they do not have authorization to access.

Technical Details of CVE-2017-1373

A security vulnerability has been identified in versions 3.3, 3.4, and 3.5 of the IBM TRIRIGA Application Platform.

Vulnerability Description

The vulnerability allows an authenticated user to execute a report that they do not have authorization to access.

Affected Systems and Versions

Product: TRIRIGA Application Platform
Vendor: IBM
Affected Versions: 3.3, 3.3.1, 3.3.2, 3.4, 3.4.1, 3.4.2, 3.5, 3.5.1, 3.5.2

Exploitation Mechanism

The vulnerability enables an authenticated user to execute unauthorized reports.

Mitigation and Prevention

Immediate Steps to Take:

Apply the necessary security patches provided by IBM.
Restrict access to sensitive reports to authorized users only.

Long-Term Security Practices

Regularly monitor and audit user access and activities within the TRIRIGA Application Platform.
Educate users on the importance of data security and access control.
Implement role-based access controls to limit unauthorized actions.

Patching and Updates

Ensure that all systems running the affected versions of the TRIRIGA Application Platform are updated with the latest security patches.