What is the severity of CVE-2016-9737?

CVE-2016-9737 is classified as a high severity vulnerability due to its potential for exploiting cross-site scripting.

How do I fix CVE-2016-9737?

To remediate CVE-2016-9737, it is recommended to upgrade IBM TRIRIGA to a version that has addressed this vulnerability.

Which versions of IBM TRIRIGA are affected by CVE-2016-9737?

CVE-2016-9737 affects IBM TRIRIGA versions 3.3, 3.4, and 3.5 including specific builds.

What types of attacks can CVE-2016-9737 enable?

CVE-2016-9737 can enable attackers to inject arbitrary JavaScript code, potentially leading to user credential theft in a trusted session.

Is there a workaround for CVE-2016-9737?

Currently, there are no documented workarounds for CVE-2016-9737, and upgrading is the recommended approach.

Vulnerability/
CVE-2016-9737

medium

5.4

CWE

27/3/2017

6/8/2024

CVE-2016-9737: XSS

First published: Mon Mar 27 2017(Updated: )

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM TRIRIGA Application Platform	=3.3.0.0
IBM TRIRIGA Application Platform	=3.3.0.1
IBM TRIRIGA Application Platform	=3.3.0.2
IBM TRIRIGA Application Platform	=3.3.1.0
IBM TRIRIGA Application Platform	=3.3.1.1
IBM TRIRIGA Application Platform	=3.3.1.2
IBM TRIRIGA Application Platform	=3.3.1.3
IBM TRIRIGA Application Platform	=3.3.2.0
IBM TRIRIGA Application Platform	=3.3.2.1
IBM TRIRIGA Application Platform	=3.3.2.2
IBM TRIRIGA Application Platform	=3.3.2.3
IBM TRIRIGA Application Platform	=3.3.2.4
IBM TRIRIGA Application Platform	=3.3.2.5
IBM TRIRIGA Application Platform	=3.4.0.0
IBM TRIRIGA Application Platform	=3.4.0.1
IBM TRIRIGA Application Platform	=3.4.1.0
IBM TRIRIGA Application Platform	=3.4.1.1
IBM TRIRIGA Application Platform	=3.4.1.2
IBM TRIRIGA Application Platform	=3.4.1.3
IBM TRIRIGA Application Platform	=3.4.2.0
IBM TRIRIGA Application Platform	=3.4.2.1
IBM TRIRIGA Application Platform	=3.4.2.2
IBM TRIRIGA Application Platform	=3.4.2.3
IBM TRIRIGA Application Platform	=3.4.2.4
IBM TRIRIGA Application Platform	=3.4.2.5
IBM TRIRIGA Application Platform	=3.5.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21996200

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9737?
CVE-2016-9737 is classified as a high severity vulnerability due to its potential for exploiting cross-site scripting.
How do I fix CVE-2016-9737?
To remediate CVE-2016-9737, it is recommended to upgrade IBM TRIRIGA to a version that has addressed this vulnerability.
Which versions of IBM TRIRIGA are affected by CVE-2016-9737?
CVE-2016-9737 affects IBM TRIRIGA versions 3.3, 3.4, and 3.5 including specific builds.
What types of attacks can CVE-2016-9737 enable?
CVE-2016-9737 can enable attackers to inject arbitrary JavaScript code, potentially leading to user credential theft in a trusted session.
Is there a workaround for CVE-2016-9737?
Currently, there are no documented workarounds for CVE-2016-9737, and upgrading is the recommended approach.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/remedy
agent/tags
agent/description
agent/event
agent/first-publish-date
agent/source
vendor/ibm
canonical/ibm tririga application platform
version/ibm tririga application platform/3.3.0.0
version/ibm tririga application platform/3.3.0.1
version/ibm tririga application platform/3.3.0.2
version/ibm tririga application platform/3.3.1.0
version/ibm tririga application platform/3.3.1.1
version/ibm tririga application platform/3.3.1.2
version/ibm tririga application platform/3.3.1.3
version/ibm tririga application platform/3.3.2.0
version/ibm tririga application platform/3.3.2.1
version/ibm tririga application platform/3.3.2.2
version/ibm tririga application platform/3.3.2.3
version/ibm tririga application platform/3.3.2.4
version/ibm tririga application platform/3.3.2.5
version/ibm tririga application platform/3.4.0.0
version/ibm tririga application platform/3.4.0.1
version/ibm tririga application platform/3.4.1.0
version/ibm tririga application platform/3.4.1.1
version/ibm tririga application platform/3.4.1.2
version/ibm tririga application platform/3.4.1.3
version/ibm tririga application platform/3.4.2.0
version/ibm tririga application platform/3.4.2.1
version/ibm tririga application platform/3.4.2.2
version/ibm tririga application platform/3.4.2.3
version/ibm tririga application platform/3.4.2.4
version/ibm tririga application platform/3.4.2.5
version/ibm tririga application platform/3.5.2