Security Bulletin: IBM TRIRIGA Application Platform discloses server-side request forgery (CVE-2020-11988)
Summary CVE-2020-11988 Apache XML Graphics Commons is vulnerable to server-side request forgery. Vulnerability Details CVEID: CVE-2020-11988 DESCRIPTION: Apache XML Graphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...
Security Bulletin: IBM TRIRIGA Application Platform discloses cross-site scripting (CVE-2022-24620)
Summary CVE-2022-24620 Piwigo is vulnerable to cross-site scripting Vulnerability Details IBM X-Force ID: 87544 DESCRIPTION: Piwigo is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin.php script. A remote attacker could exploit this vulnerabilit...
Security Bulletin: IBM TRIRIGA Application Platform discloses Apache HttpClient vulnerability (CVE-2020-13956)
Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security...
Security Bulletin: IBM TRIRIGA Application Platform discloses Stored Cross Site Scripting (CVE-2022-43914)
Summary IBM TRIRIGA Application Platform discloses Stored Cross Site Scripting Vulnerability Details CVEID:CVE-2022-43914 DESCRIPTION: IBM TRIRIGA is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956
Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...
Security Bulletin: IBM TRIRIGA discloses CVE-2015-0254
Summary IBM TRIRIGA discloses CVE-2015-0254 Vulnerability Details CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2015-0250
Summary IBM TRIRIGA Application Platform discloses CVE-2015-0250 Vulnerability Details CVEID:CVE-2015-0250 DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-11987
Summary IBM TRIRIGA Application Platform discloses CVE-2020-11987 Vulnerability Details CVEID:CVE-2020-11987 DESCRIPTION: Apache XML Graphics Batik is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an...
Security Bulletin: Tririga is vulnerable to remote hacker due to dom4j open source
Summary IBM Tririga is vulnerable to remote attacker due to dom4j open source. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...
Security Bulletin: IBM TRIRIGA Reporting a component of IBM TRIRIGA Application Platform is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary IBM TRIRIGA Reporting a component of IBM TRIRIGA Application Platform is vulnerable to denial of service and arbitrary code execution due to Apache Log4j. Apache Log4j is used by IBM TRIRIGA Reporting as part of its logging infrastructure. This bulletin addresses this vulnerability by...
Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450)
Summary IBM TRIRIGA Platform is vulnerable to Java Object De-Serialization Vulnerability. Vulnerability Details CVEID: CVE-2015-7450 CVSS Base Score: 9.80 CVSS Temporal Score: See X-Force for the current score CVSS Environmental Score: Undefined CVSS Vector:...
PT-2019-16964 · Ibm · Ibm Tririga Application Platform
Name of the Vulnerable Software and Affected Versions: IBM TRIRIGA Application Platform versions 3.5.3 through 3.6.0 Description: The issue may disclose sensitive information that is only available to a local user, which could be used in further attacks against the system. Recommendations: For...
IBM TRIRIGA Application Platform Code Issue Vulnerability
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
Security Bulletin: IBM TRIRIGA Application Platform Apache CXF Vulnerability (CVE-2018-8039)
Summary IBM TRIRIGA has addressed the following vulnerability. Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not work correctly with com.sun.net.ssl interface. An attacker could exploit this vulnerability to launch a...
Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180)
Summary IBM TRIRIGA Document Manager is vulnerable to a privilege escalation attack. Vulnerability Details CVEID: CVE-2017-1180 DESCRIPTION: The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. CVSS Base...
Security Bulletin: IBM TRIRIGA Application Platform Information Disclosure (CVE-2016-0343)
Summary IBM TRIRIGA could allow an authenticated user to obtain sensitive information displayed in error messages. Vulnerability Details CVEID: CVE-2016-0343 DESCRIPTION: IBM TRIRIGA could allow an authenticated user to obtain sensitive information displayed in error messages. CVSS Base Score: 4....
CVE-2016-0348
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813...
CVE-2016-0343
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784...
Unspecified Remote Elevation of Privilege Vulnerability in IBM TRIRIGA Application Platform (CNVD-2017-25612)
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
CVE-2017-1371
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864...