9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
0.059 Low
EPSS
Percentile
93.3%
IBM TRIRIGA Application Platform discloses CVE-2015-0250
CVEID:CVE-2015-0250
**DESCRIPTION:**Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/101614 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2017-5662
**DESCRIPTION:**Apache Batik could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By using a specially-crafted SVG file, a remote attacker could exploit this vulnerability to obtain sensitive information or possibly cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/125198 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID:CVE-2018-8013
**DESCRIPTION:**Apache Batik could allow a remote attacker to obtain sensitive information, caused by an error when deserializing subclass of AbstractDocument
. An attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/143678 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM TRIRIGA Application Platform | 3.6. |
IBM TRIRIGA Application Platform | 3.7 |
IBM TRIRIGA Application Platform | 3.8 |
IBM TRIRIGA Application Platform | 4.0 |
IBM TRIRIGA Application Platform | 4.1 |
Product|VRMF|
Remediation/First Fix
—|—|—
IBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on FixCentral
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:N/A:C
0.059 Low
EPSS
Percentile
93.3%