IBM Support

IV96845: ABILITY TO BYPASS TRIRIGA SECURITY AND PERFORM UNAUTHORIZED AND UNWARRANTED REPORT FUNCTIONS LIKE ADD REPORT, DELETE REPORT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • Testers found that they had the ability to add reports to the
    My Reports page in Tririga, even though the links for New,
    Copy, Delete, Copy as Community Report, and Share Report were
    not present for the read only users.
    

Local fix

  • No
    

Problem summary

  • An privilege escalation issue in report manager has been
    found..
    

Problem conclusion

  • An privilege escalation issue in report manager has been
    resolved.
    This is targeted to the 1h2017 release as well as the 3.5.2.3
    fix pack.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV96845

  • Reported component name

    TRI APP PLTFM R

  • Reported component ID

    5725F26RE

  • Reported release

    352

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-01

  • Closed date

    2017-06-12

  • Last modified date

    2017-06-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • 999
    

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCZPUQ","label":"IBM TRIRIGA Application Platform Runtime Engine"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"352","Edition":""}]

Document Information

Modified date:
12 June 2017