Direct links to fixes
APAR status
Closed as fixed if next.
Error description
Problem type: Platform - Cross-frame scripting - Security
Found (and Reproduced) in Product Version: Identified on 3.4.2.5 and Reproduced in 3.4.2.5. Issue is resolved with TRIRIGA 3.6.0.0
Problem Title: Platform is vulnerable to Cross-frame scripting vulnerability / clickjacking.
Description: Platform is vulnerable to Cross-frame scripting
Steps to Reproduce: NA
Fixed in version: TRIRIGA Application Version 3.6.0.0
Fix Description: To exclude cross-frame scripting, add the following to the TRIRIGAWEB.properties file:
httpheader.X-Frame-Options=SAMEORIGIN
(Tri-276768-IV98382)
Keywords: None
Work-Arounds: None
Local fix
This issue is resolved in 3.6.0.0
Problem summary
An HTTP header must be added to tell the browser not to allow cross-frame scripting.
Problem conclusion
This issue has been resolved by enhancement 270641. Please add the following to the TRIRIGAWEB.properties configuration file:
httpheader.X-Frame-Options=SAMEORIGIN
This is targeted to the 2h2017 release as well as the 3.5.3.1 fix pack.
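One way to confirm the setting above is actually in effect in a properties file, as an added example (not IBM's code). It assumes the file follows standard Java .properties rules, including that the last duplicate key wins; the sample inputs are constructed.

```python
KEY = "httpheader.X-Frame-Options"   # property name given in this APAR
EXPECTED = "SAMEORIGIN"              # value given in this APAR


def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. Whitespace-only separators are not handled."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:   # trailing "" flushes a pending line
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue                        # blank line or comment
        if line.endswith("\\"):
            pending = line[:-1]             # join with the next physical line
            continue
        seps = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if seps:
            cut = min(seps)
            # Assumption: later duplicates override earlier ones.
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def check_frame_options(text):
    """Return (ok, reason) for the contents of a properties file."""
    props = parse_properties(text)
    if KEY not in props:
        return False, "missing"
    if props[KEY].upper() != EXPECTED:
        return False, "unexpected value: " + props[KEY]
    return True, "ok"


# Constructed sample inputs, not taken from a real installation.
SAMPLES = {
    "fixed": "sample.other.key=1\nhttpheader.X-Frame-Options = SAMEORIGIN\n",
    "commented_out": "#httpheader.X-Frame-Options=SAMEORIGIN\n",
    "overridden": "httpheader.X-Frame-Options=SAMEORIGIN\n"
                  "httpheader.X-Frame-Options=ALLOWALL\n",
    "continued": "httpheader.X-Frame-Options=\\\n    SAMEORIGIN\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_frame_options(text))
```

The commented-out and overridden cases are the ones a plain text search for the property name would wrongly report as fixed.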
Temporary fix
Comments
APAR Information
APAR number
IV98382
Reported component name
TRI APPLCATION
Reported component ID
5725F26AB
Reported release
342
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-07-24
Closed date
2017-08-07
Last modified date
2025-06-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Applicable component levels
Business Unit: Software (BU029)
Product: IBM TRIRIGA Application Builder (SSPN97)
Platform: Platform Independent (PF025)
Version: 342
Document Information
Modified date:
10 June 2025