CVE-2013-4003

Name of the Vulnerable Software and Affected Versions IBM TRIRIGA Application Platform versions 2.x through 3.x before 3.3.1.1 IBM TRIRIGA Application Platform version 8

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via unspecified input to WebProcess.srv, unspecified input to html/en/default/actionHandler/queryHandler.jsp, or unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp.

Recommendations For IBM TRIRIGA Application Platform versions 2.x through 3.x, update to version 3.3.1.1 or later. For IBM TRIRIGA Application Platform version 8, at the moment, there is no information about a newer version that contains a fix for this issue.