Ahmed Eltijani

**Name of the Vulnerable Software and Affected Versions** IBM TRIRIGA Application Platform version 4.0 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This is due to a cross-site scripting vulnerability. **Recommendations** For IBM TRIRIGA Application Platform version 4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM TRIRIGA version 4.0 **Description** The issue allows a remote attacker to exploit an XML external entity injection (XXE) attack when processing XML data, potentially exposing sensitive information or consuming memory resources. **Recommendations** For IBM TRIRIGA version 4.0, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.