Tririga Application Platform

CVEs (27)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-1373	Hig	0.57	8.8	0.01	Jul 21, 2017	Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
CVE-2017-1371	Hig	0.57	8.8	0.00	Jul 21, 2017	Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
CVE-2017-1153	Hig	0.57	8.8	0.01	Mar 27, 2017	IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
CVE-2016-0374	Hig	0.57	8.8	0.01	Jul 1, 2016	The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
CVE-2016-0386	Hig	0.52	8.0	0.00	Jul 2, 2016	Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
CVE-2017-1374	Med	0.42	6.5	0.00	Jul 21, 2017	Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
CVE-2017-1465	Med	0.35	5.4	0.00	Dec 7, 2017	IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.
CVE-2017-1372	Med	0.35	5.4	0.00	Jul 21, 2017	IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865.
CVE-2016-9737	Med	0.35	5.4	0.00	Mar 27, 2017	IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
CVE-2016-2883	Med	0.35	5.4	0.00	Jul 2, 2016	Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.
CVE-2016-0387	Med	0.35	5.4	0.00	Jul 2, 2016	Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
CVE-2017-1180	Med	0.34	5.3	0.00	Apr 5, 2017	The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.
CVE-2017-1171	Med	0.28	4.3	0.00	Mar 31, 2017	The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.
CVE-2016-2882	Med	0.28	4.3	0.00	Jul 2, 2016	IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
CVE-2014-8895		0.00	—	0.00	Jan 29, 2015	IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
CVE-2014-8894		0.00	—	0.00	Jan 29, 2015	Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
CVE-2014-8893		0.00	—	0.00	Jan 29, 2015	Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-4839		0.00	—	0.00	Oct 29, 2014	Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-4840		0.00	—	0.02	Oct 19, 2014	IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.
CVE-2014-4838		0.00	—	0.00	Oct 19, 2014	Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.