Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-22475

2022-08-3016:55:16

www.ibm.com

0.007 Low

EPSS

Percentile

80.4%

JSON

Summary

IBM TRIRIGA Application Platform discloses CVE-2020-22475

Vulnerability Details

CVEID:CVE-2020-22475
**DESCRIPTION:**Tasks could provide weaker than expected security, caused by insecure permissions in VoiceCommandActivity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to add arbitrary tasks to users tasks lists.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196766 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM TRIRIGA	All

Remediation/Fixes

Product|VRMF|

Remediation/First Fix

—|—|—
IBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on FixCentral

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm tririga portfolio data managereq3.6
ibm tririga portfolio data managereq2.7
ibm tririga portfolio data managereq3.8
ibm tririga portfolio data managereq4.0
ibm tririga portfolio data managereq4.1

Name	Operator	Version
ibm tririga portfolio data manager	eq	3.6
ibm tririga portfolio data manager	eq	2.7
ibm tririga portfolio data manager	eq	3.8
ibm tririga portfolio data manager	eq	4.0
ibm tririga portfolio data manager	eq	4.1

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for DCF776DEC9E09D0152388D8C8DEACA7920ACD442542749629D024BD994D72FC7