IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
An holistic approach has been implemented to address XSS vulnerabilities across the application as part of IBM TRIRIGA Application Platform 5.0.4 GA. This vulnerability is also part of it.
Customers using affected versions of IBM TRIRIGA should upgrade to IBM TRIRIGA Application Platform 5.0.4 GA or a later supported release containing the fix. IBM recommends applying the latest available maintenance to ensure protection against this vulnerability.
Reference : https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product[…]GA+Application+Platform&release=5.0.4&platform=All&function=all https://www.ibm.com/support/fixcentral/swg/selectFixes