Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0525
Multiple vulnerabilities have been identified in IBM's
TRIRIGA Application Platform
11 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM TRIRIGA
Publisher: IBM
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated
Cross-site Request Forgery -- Remote with User Interaction
Cross-site Scripting -- Remote with User Interaction
Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-5950 CVE-2012-5949 CVE-2012-5948
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21628847
http://www-01.ibm.com/support/docview.wss?uid=swg21628849
http://www-01.ibm.com/support/docview.wss?uid=swg21628851
http://www-01.ibm.com/support/docview.wss?uid=swg21628852
Comment: This bulletin contains four (4) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM TRIRIGA Application Platform Cross-Site scripting vulnerabilities.
Flash (Alert)
Document information
IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform
Software version:
3.2, 3.2.1
Operating system(s):
Platform Independent
Reference #:
1628847
Modified date:
2013-04-08
Abstract
IBM TRIRIGA Application Platform has potential Cross-Site scripting
vulnerabilities in various URLs.
Content
VULNERABILITY DETAILS
CVE ID:
CVE-2012-5948
DESCRIPTION:
Cross-Site Scripting vulnerabilities may enable malicious scripts to be
injected into certain URLs. Customers on certain versions of the IBM TRIRIGA
Application Platform are potentially impacted by these vulnerabilities, which
can cause various issues including but not limited to broken pages or
application functionality, and the ability to forward data from the page to
an external (unauthorized) site.
A complete list of impacted URLs is provided below:
/WebProcess.srv (Parameter: attr_seq_1001)
/html/en/default/common/colorPicker.jsp (Parameter: fieldName)
/html/en/default/listEditor/listValuePicker.jsp (Parameter: atrSeq)
/html/en/default/listEditor/listValuePicker.jsp (Parameter: fieldName)
/html/en/default/listEditor/listValuePicker.jsp (Parameter: listId)
/html/en/default/listEditor/listValuePicker.jsp (Parameter: parentListId)
/html/en/default/smartobject/dateConversion.jsp (Parameter: fieldName)
/html/en/default/smartobject/dateTimeConversion.jsp (Parameter: fieldName)
/html/en/default/appsecurity/addGroups.jsp (Parameter: specTypeId)
/html/en/default/appsecurity/addGroups.jsp (Parameter: parentSOCategoryId)
/html/en/default/appsecurity/addGroups.jsp (Parameter: parentSOTypeId)
/html/en/default/appsecurity/addGroups.jsp (Parameter: rowNo)
/html/en/default/appsecurity/addGroups.jsp (Parameter: parentSOId)
/html/en/default/appsecurity/addGroups.jsp (Parameter: refSpecTypeId)
/html/en/default/appsecurity/addGroups.jsp
/html/en/default/appsecurity/addGroups.jsp (Parameter: parentSOSubCategoryId)
/html/en/default/common/objectUsage.jsp (Parameter: objectName)
/html/en/default/common/objectUsage.jsp
/html/en/default/reportTemplate/assocFilterList.jsp (: reportTemplId)
/html/en/default/reportTemplate/reportTemplateDesc.jsp (Parameter: recordState, oldName, associatedField)
/html/en/default/docmgmt/objectupload/upload.jsp (Parameter: specClassType)
/html/en/default/docmgmt/objectupload/dd/index.jsp (Parameter: parentSOId, parentSOSubCategoryId),
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label, description)
/html/en/default/smartobjecttype/associateBOLoad.jsp (Parameter: moduleId, assBO, propertyId)
/html/en/default/smartobjecttype/associateBOModuleTree.jsp (Parameter: propertyId)
/html/en/default/om2/omComparisonReport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omExport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omExportPackageCreator.jsp
/html/en/default/om2/omProperty.jsp (Parameter: tDesc, tName)
/html/en/default/om2/omValidate.jsp (Parameter: tempSpecId)
/html/en/default/om2/selectUser.jsp (Parameter: idField, nameField)
/html/en/default/common/whereUsedFrame.jsp (Parameter: objectName)
/html/en/default/common/whereUsedFrame.jsp (Parameter: objectName)
/html/en/default/gui/guiCopy.jsp (Parameter: tName)
/html/en/default/gui/sectionProperty.jsp
/html/en/default/gui/sectionTabCopy.jsp
DOM Based Cross-Site Scripting /WebProcess.srv, Scan Name = translationsDocumentManager
DOM Based Cross-Site Scripting /html/en/default/docmgmt/manager/viewDocBrava.jsp
/Widget/resource (Parameter: img)
/html/en/default/common/whereUsedFrame.jsp (Parameter: objectName)
/html/en/default/datamodeller/associateBOList.jsp (Parameter: toDoDisable)
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label, description)
/html/en/default/admin/addWFAgentUserSetting.jsp (Parameter: agentId)
/html/en/default/admin/analyzeMain.jsp (Parameter: PARAMETER_0_0, SCHEMA_TYPE_0, TABLE_NAME_0, INDEX_NAME_0)
/html/en/default/admin/editProperties.jsp (Parameter: name)
/html/en/default/admin/requestTest.jsp
/html/en/default/admin/requestTest.jsp
/html/en/default/admin/schedulerManager.jsp (Parameter: current_DAILY, current_MONTHLY, current_YEARLY, current_WEEKLY)
/html/en/default/admin/viewProperties.jsp (Parameter: name)
/html/en/default/appsecurity/addPeopleToProduct.jsp
/html/en/default/appsecurity/prodUserList.js
/birt/frameset (Parameter:system__recordIds)
/ganttlib/gantt-jws.jnlp, Scan Name = appscanPortalRuntime
/ganttlib/gantt-jws.jnlp (Parameter: sessionId, userDateFormat, tempSpecId, readOnly, projectSpecId, queryId, contextPath, title, userDateTimeFormat, projectName)
/html/en/default/om2/omObjectFinder.jsp (Parameter: tempSpecId, objectName, modifiedBy, modifiedAfter, idlist)
/html/en/default/om2/omObjects.jsp (parameter: tempSpecId)
/html/en/default/reportTemplate/reportTemplateDesc.jsp (Parameter: oldName)
/Widget/resource (Parameter: img)
/html/en/default/docmgmt/manager/viewDocBrava.jsp
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80628 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:C)
AFFECTED PLATFORMS:
The following versions are affected. IBM TRIRIGA Application Platform 3.3 is
not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 and fix packs
· TRIRIGA Application Platform 3.0 and fix packs
· TRIRIGA Application Platform 2.7 and fix packs
· TRIRIGA Application Platform 2.6 and fix packs
· TRIRIGA Application Platform 2.5 and fix packs
· TRIRIGA Application Platform 2.1 and fix packs
· TRIRIGA Application Platform 8 and fix packs
REMEDIATION:
The recommended solution is to apply the fix for each named product as soon as
practical. Please see below for information on the fixes available.
Fix:
These vulnerabilities are resolved in IBM TRIRIGA Application Platform 3.3.
Due to the threat posed by a successful attack, IBM strongly recommends that
customers upgrade their platform to version 3.3 as soon as possible.
Instructions on how to download and install IBM TRIRIGA Application Platform
3.3 can be found here: IBM TRIRIGA Application Platform 3.3 Download
Instructions
Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful
attack by restricting network protocols required by an attack. For attacks that
require certain privileges or access to certain packages, removing the
privileges or the ability to access the packages from unprivileged users may
help reduce the risk of successful attack. Both approaches may break
application functionality, so IBM strongly recommends that customers test
changes on non-production systems. Neither approach should be considered a
long-term solution as neither corrects the underlying problem.
Mitigation:
None Known
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2012-5948
· X-Force Database
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Related information
IBM PSIRT External Blog
IBM Secure Engineering and PSIRT External Web Portal
X-Force Database
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.
- -------------------------------------------------------------------------------
IBM TRIRIGA Application Platform Cross Site Request Forgery vulnerabilities.
Flash (Alert)
Document information
IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform
Software version:
3.2, 3.2.1
Operating system(s):
Platform Independent
Reference #:
1628849
Modified date:
2013-04-08
Abstract
IBM TRIRIGA Application Platform has potential Cross Site Request Forgery
vulnerabilities in various URLs.
Content
VULNERABILITY DETAILS
CVE ID:
CVE-2012-5950
DESCRIPTION: Cross-Site Request Forgery vulnerabilities can allow an attacker
to cause unintended actions to be performed by a logged-in user of the
application. Customers on certain versions of the IBM TRIRIGA Application
Platform are potentially impacted by these vulnerabilities, which can cause a
logged-in user's browser to perform application actions as though the user was
performing them. The attacker could cause various actions to be performed,
including but not limited to changing, creating, or deleting system data
(records). A complete list of impacted URLs is provided below:
/html/en/default/gui/sortField.jsp
/html/en/default/gui/sectionProperty.jsp
/html/en/default/gui/guiStateFind.jsp
/html/en/default/masterDetail/objectsFrame.jsp
/html/en/default/gui/sortSection.jsp
/html/en/default/gui/guiActionProperty.jsp
/html/en/default/appsecurity/addGroups.jsp
/html/en/default/listEditor/listLabel.jsp
html/en/default/stylemanager/importStyles.jsp
/html/en/default/stylemanager/saveStyle.jsp
/html/en/default/admin/agentMain.jsp
html/en/default/admin/cacheRefresh.jsp
html/en/default/admin/connectionManager.jsp
/html/en/default/admin/dataConnectAdmin.jsp
/html/en/default/admin/languageManager.jsp
/html/en/default/admin/machineMain.jsp
/html/en/default/admin/managedProcesses.jsp
/html/en/default/admin/platformLogging.jsp
/html/en/default/admin/schedulerManager.jsp
/html/en/default/admin/scriptRunner.jsp
/html/en/default/admin/systemTests.jsp
/html/en/default/appsecurity/addPeopleToProduct.jsp
/html/en/default/process/comm/saveDiagram.jsp,
/sqa/html/en/default/process/comm/saveProps.jsp
/html/en/default/excel/excelProcessIframe.jsp
/html/en/default/uiutils/requestHandler.jsp
/html/en/default/om2/omValidate.jsp
/html/en/default/om2/omExport.jsp
/html/en/default/om2/omComparisonReport.jsp
/html/en/default/gui/contentImport.jsp
/html/en/default/masterDetail/objectsFrame.jsp
/html/en/default/manager/objectsFrame.jsp
/html/en/default/tree/recordHtmlTree.jsp
/html/en/default/actionHandler/actionProcessor.jsp
/html/en/default/reportTemplate/repStateActionFind.jsp
/html/en/default/listEditor/listEditorManagerList.jsp
/html/en/default/listEditor/listLabel.jsp
/html/en/default/listEditor/objectTypeList.jsp
/html/en/default/listEditor/objectTypeResultFields.jsp
/html/en/default/portalX/messages.jsp
/html/en/default/selfService/requests.jsp
/html/en/default/tree/boHtmlTree.jsp
/html/en/default/wfBuilder/wftManagerMain.jsp
/html/en/default/process/comm/saveProps.jsp
/html/en/default/flathierarchy/fhManager.jsp
/html/en/default/om2/omComparisonReport.jsp
/html/en/default/om2/omExport.jsp
/html/en/default/om2/omExportPackageCreator.jsp
/html/en/default/om2/omMain.jsp
/html/en/default/om2/omPkgImport.jsp
/html/en/default/om2/omValidate.jsp
/html/en/default/om2/selectUser.jsp
/html/en/default/gui/fieldList.jsp
/html/en/default/gui/guiCopy.jsp
/html/en/default/gui/includes.jsp
/html/en/default/gui/wfSelector.jsp
/html/en/default/languageEditor/boLabels.jsp
/html/en/default/languageEditor/ddLabels.jsp
/html/en/default/languageEditor/importUploadFile.jsp
/html/en/default/languageEditor/languageEditorContentFrame.jsp
/html/en/default/languageEditor/messages.jsp
/html/en/default/languageEditor/messagesMainFrame.jsp
/html/en/default/styleSheetEditor/tririgaCSSList.jsp
/html/en/default/styleSheetEditor/tririgaCSSProperties.jsp
/html/en/default/admin/boPublish.jsp
/html/en/default/budget/budgetGroupList.jsp
/html/en/default/budget/budgetTokenEntry.jsp
/html/en/default/flathierarchy/fhManager.jsp
/html/en/default/listEditor/listEditorManagerList.jsp
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80630 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:C)
AFFECTED PLATFORMS:
The following versions are affected. IBM TRIRIGA Application Platform 3.3 is
not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 and fix packs
· TRIRIGA Application Platform 3.0 and fix packs
· TRIRIGA Application Platform 2.7 and fix packs
· TRIRIGA Application Platform 2.6 and fix packs
· TRIRIGA Application Platform 2.5 and fix packs
· TRIRIGA Application Platform 2.1 and fix packs
· TRIRIGA Application Platform 8 and fix packs
REMEDIATION:
The recommended solution is to apply the fix for each named product as soon as
practical. Please see below for information on the fixes available.
Fix:
These vulnerabilities are resolved in IBM TRIRIGA Application Platform 3.3. Due
to the threat posed by a successful attack, IBM strongly recommends that
customers upgrade their platform to version 3.3 as soon as possible.
Instructions on how to download and install IBM TRIRIGA Application Platform
3.3 can be found here: IBM TRIRIGA Application Platform 3.3 Download
Instructions
Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful
attack by restricting network protocols required by an attack. For attacks that
require certain privileges or access to certain packages, removing the
privileges or the ability to access the packages from unprivileged users may
help reduce the risk of successful attack. Both approaches may break
application functionality, so IBM strongly recommends that customers test
changes on non-production systems. Neither approach should be considered a
long-term solution as neither corrects the underlying problem.
Mitigation:
None Known
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2012-5950
· X-Force Database
RELATED INFORMATION:
· IBM PSIRT External Blog
· IBM Secure Engineering and PSIRT External Web Portal
· X-Force Database.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Related information
IBM PSIRT External Blog
IBM Secure Engineering and PSIRT External Web Portal
X-Force Database
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.
- -------------------------------------------------------------------------------
IBM TRIRIGA Application Platform Link Injection vulnerabilities.
Flash (Alert)
Document information
IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform
Software version:
3.2, 3.2.1
Operating system(s):
Platform Independent
Reference #:
1628851
Modified date:
2013-04-08
Abstract
IBM TRIRIGA Application Platform has potential Link Injection vulnerabilities
in various URLs.
Content
VULNERABILITY DETAILS
CVE ID:
CVE-2012-5949
DESCRIPTION: Link Injection vulnerabilities can allow an attacker to embed links (URL) to an external site or to different pages (forms) within the TRIRIGA application. The links can appear to be valid application links while causing the user to navigate to unintended sites or execute unintended actions within the application. Customers on certain versions of the IBM TRIRIGA Application Platform are potentially impacted by these vulnerabilities, which can cause various issues including but not limited to navigation to unintended external web sites, apparently broken application functionality, and stealing user credentials and other information by persuading the user to provide them using a fictitious login or profile page. A complete list of impacted URLs is provided below:
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label)
/html/en/default/reportTemplate/reportTemplateDesc.jsp (Parameter: associatedField)
/html/en/default/portalX/portalSection.jsp (Parameter: headerColor, backColor)
/html/en/default/portalX/portalSection.jsp (Parameter: headerColor, backColor)
/html/en/default/admin/addWFAgentUserSetting.jsp (Parameter: agentId)
/html/en/default/admin/analyzeMain.jsp (Parameter: PARAMETER_0_0)
/html/en/default/admin/schedulerManager.jsp (Parameter: current_DAILY, current_MONTHLY, current_YEARLY, current_WEEKLY)
/html/en/default/appsecurity/addPeopleToProduct.jsp (Parameter: prodId)
/birt/frameset (Parameter:system__recordIds)
/WebProcess.srv (userID, projectID, folderID, documentID, companyID)
/html/en/default/om2/omObjectFinder.jsp (Parameter: tempSpecId, objectName, modifiedBy, modifiedAfter, idlist)
/html/en/default/om2/omObjectFinder.jsp (Parameter: tempSpecId, objectName, modifiedBy, modifiedAfter, idlist)
/html/en/default/gui/sectionTabCopy.jsp (Parameter: selectedName, boId, tGUIId, sectionId, moduleId, readOnly, actionType, selectedTabId, tabId, guiId, tName)
/html/en/default/styleSheetEditor/tririgaCSSProperties.jsp (Parameter: colorPicker3B)
/html/en/default/gui/guiManagerList.jsp (Parameter: moduleName)
/html/en/default/appsecurity/addGroups.jsp (Parameter: specTypeId, parentSOCategoryId, parentSOTypeID, rowNo, parentSOId,refSpecTypeId, parentSOSubCategoryId)
/html/en/default/appsecurity/addGroups.jsp (Parameter: specTypeId, parentSOCategoryId, parentSOTypeId, rowNo, parentSOId, refSpecTypeId, parentSOSubCategoryId)
/html/en/default/common/objectUsage.jsp (Parameter: objectName)
/html/en/default/docmgmt/objectupload/dd/index.jsp (Parameter: parentSOId, parentSOSubCategoryId)
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label)
/html/en/default/om2/selectUser.jsp (Parameter: idField, nameField)
/html/en/default/om2/omComparisonReport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omExport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omValidate.jsp (Parameter: tempSpecId)
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80629 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:C)
AFFECTED PLATFORMS:
The following versions are affected. IBM TRIRIGA Application Platform 3.3 is
not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 and fix packs
· TRIRIGA Application Platform 3.0 and fix packs
· TRIRIGA Application Platform 2.7 and fix packs
· TRIRIGA Application Platform 2.6 and fix packs
· TRIRIGA Application Platform 2.5 and fix packs
· TRIRIGA Application Platform 2.1 and fix packs
· TRIRIGA Application Platform 8 and fix packs
REMEDIATION:
The recommended solution is to apply the fix for each named product as soon as
practical. Please see below for information on the fixes available.
Fix:
These vulnerabilities are resolved in IBM TRIRIGA Application Platform 3.3.
Due to the threat posed by a successful attack, IBM strongly recommends that
customers upgrade their platform to version 3.3 as soon as possible.
Instructions on how to download and install IBM TRIRIGA Application Platform
3.3 can be found here: IBM TRIRIGA Application Platform 3.3 Download
Instructions
Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful
attack by restricting network protocols required by an attack. For attacks
that require certain privileges or access to certain packages, removing the
privileges or the ability to access the packages from unprivileged users may
help reduce the risk of successful attack. Both approaches may break
application functionality, so IBM strongly recommends that customers test
changes on non-production systems. Neither approach should be considered a
long-term solution as neither corrects the underlying problem.
Mitigation:
None Known
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2012-5949
· X-Force Database
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Related information
IBM PSIRT External Blog
IBM Secure Engineering and PSIRT External Web Portal
X-Force Database
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.
- ----------------------------------------------------------------------------------
IBM TRIRIGA Application Platform Phishing vulnerabilities.
Flash (Alert)
Document information
IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform
Software version:
3.2, 3.2.1
Operating system(s):
Platform Independent
Reference #:
1628852
Modified date:
2013-04-08
Abstract
IBM TRIRIGA Application Platform has potential Phishing vulnerabilities in
various URLs.
Content
VULNERABILITY DETAILS
CVE ID:
CVE-2012-5949
DESCRIPTION: Phishing vulnerabilities can allow an attacker to attain user names, passwords, and other personal information by presenting false login, profile, or other information entry pages that the user believes to be legitimate application pages. Customers on certain versions of the IBM TRIRIGA Application Platform are potentially impacted by these vulnerabilities, which can cause various issues including but not limited to stealing user credentials and other information by persuading the user to provide them using a fictitious login, profile, or other data entry page. A complete list of impacted URLs is provided below:
/WebProcess.srv (Parameter: nextPage)
/sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp (Parameter: nextPage)
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label)
/html/en/default/reportTemplate/reportTemplateDesc.jsp (Parameter: associatedField)
/html/en/default/admin/addWFAgentUserSetting.jsp
/html/en/default/admin/analyzeMain.jsp (Parameter: PARAMETER_0_0, SCHEMA_TYPE_0, TABLE_NAME_0,INDEX_NAME_0)
/html/en/default/admin/schedulerManager.jsp (Parameter: current_DAILY, current_MONTHLY, current_YEARLY, current_WEEKLY)
/html/en/default/appsecurity/addPeopleToProduct.jsp (Parameter: prodId)
/birt/frameset (Parameter:system__recordIds)
/WebProcess.srv (userID, projectID, folderID, documentID, companyID)
a/html/en/default/om2/omObjectFinder.jsp (Parameter: tempSpecId, objectName, modifiedBy, modifiedAfter, idlist)
/html/en/default/om2/omObjectFinder.jsp (Parameter: tempSpecId, objectName, modifiedBy, modifiedAfter, idlist)
/html/en/default/gui/sectionTabCopy.jsp (Parameter: tBOId, tGUIId, sectionId, moduleId, actionType, tabId, guiId)
/html/en/default/styleSheetEditor/tririgaCSSProperties.jsp (Parameter: colorPicker3B)
/html/en/default/common/objectUsage.jsp
/html/en/default/reportTemplate/reportTemplateUsage.jsp (Parameter: nextPage)
/html/en/default/docmgmt/objectupload/dd/index.jsp (Parameter: parentSOId, parentSOSubCategoryId)
/html/en/default/listEditor/listEditorMgrListType.jsp (Parameter: name, type, label)
/html/en/default/om2/selectUser.jsp (Parameter: idField, nameField)
/html/en/default/om2/omComparisonReport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omExport.jsp (Parameter: tempSpecId)
/html/en/default/om2/omValidate.jsp (Parameter: tempSpecId)
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80629 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:C)
AFFECTED PLATFORMS:
The following versions are affected. IBM TRIRIGA Application Platform 3.3 is
not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 and fix packs
· TRIRIGA Application Platform 3.0 and fix packs
· TRIRIGA Application Platform 2.7 and fix packs
· TRIRIGA Application Platform 2.6 and fix packs
· TRIRIGA Application Platform 2.5 and fix packs
· TRIRIGA Application Platform 2.1 and fix packs
· TRIRIGA Application Platform 8 and fix packs
REMEDIATION:
The recommended solution is to apply the fix for each named product as soon as
practical. Please see below for information on the fixes available.
Fix:
These vulnerabilities are resolved in IBM TRIRIGA Application Platform 3.3. Due
to the threat posed by a successful attack, IBM strongly recommends that
customers upgrade their platform to version 3.3 as soon as possible.
Instructions on how to download and install IBM TRIRIGA Application Platform
3.3 can be found here: IBM TRIRIGA Application Platform 3.3 Download
Instructions
Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful
attack by restricting network protocols required by an attack. For attacks that
require certain privileges or access to certain packages, removing the
privileges or the ability to access the packages from unprivileged users may
help reduce the risk of successful attack. Both approaches may break
application functionality, so IBM strongly recommends that customers test
changes on non-production systems. Neither approach should be considered a
long-term solution as neither corrects the underlying problem.
Mitigation:
None Known
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2012-5949
· X-Force Database
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Related information
IBM PSIRT External Blog
IBM Secure Engineering and PSIRT External Web Portal
X-Force Database
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUWZDBe4yVqjM2NGpAQIl9g/7BnqK/FAHLP3ixvHjSMKzDg+bj2n2nACR
or/lLG3HpqlkoGYiflB7HqOrHwlKQzBAnfigHwFMMlzL8z9nKHJZyzq/QovTwa+y
kZSgOLjBs+IG+TtiqRNM3sr54kYkMWKOqtx8KiEyOc8gkiTIDrPpT3w2JFdfhpC/
c+xC0w0Huvd5c+4gMkFgkY8UE7Wsefkv2ET/iSrzV1NYAsDdGiQnvJig83Egi7+/
X9h5K9b+4AQ3JhTjEVd332x9x37PpHP3K0dPZXn8B+cE4M/1us64LwHH1OC5iCDj
9GDeMhmWXfcxoXmhh4Z9s0CAQ05a/3weszY0oEcUwTaRcmVkv8YgEA6ZWqbSE1tt
6Rce116i/07M1CGF1AjzSGV0jtL1D5dEa0r4/fYKoeCmsgFiDqbMgbeGpI4A4Wmn
Nuv1TV/tXIu4IlmoPAtuxWqjrL+VA29vMf+FdCYu/fPMhBzo0B2Te67e0voZCa7h
ff99Itp8G6Lhf7+YOX1hrz8feAXjlYmasGJyQKyZcD85KaMrUmerhrqMNpFB8kYO
NBkUzp+ioDMBbfLR2XRfpZkPeVDj5pb8nQiDx3VruLWf/XpPCMndsBXOMuFmAtSK
LGEwrBGXf6X6Tbotoat8ttF28tVg9JmYpsbGaXxMbnOqHfQOn649Cs+GRejGL7Oq
x2ZdZLQRcwU=
=Iaa2
-----END PGP SIGNATURE-----