Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
IbmTririga Application Platform3.3.2.0

27 matches found

cve
cveadded 2017/07/21 8:29 p.m.50 views

CVE-2017-1371

Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.

8.8CVSS8.3AI score0.00459EPSS
cve
cveadded 2017/07/21 8:29 p.m.46 views

CVE-2017-1374

Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.

6.5CVSS6.2AI score0.00261EPSS
cve
cveadded 2017/12/07 3:29 p.m.46 views

CVE-2017-1465

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

5.4CVSS5.4AI score0.0012EPSS
cve
cveadded 2017/07/21 8:29 p.m.45 views

CVE-2017-1372

IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS5.2AI score0.00198EPSS
cve
cveadded 2016/07/02 2:59 p.m.42 views

CVE-2016-0386

Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.

8CVSS7.7AI score0.00096EPSS
cve
cveadded 2017/02/01 8:59 p.m.42 views

CVE-2016-6000

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS5.8AI score0.00238EPSS
cve
cveadded 2015/01/29 1:59 a.m.41 views

CVE-2014-8895

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

4.3CVSS6.7AI score0.0021EPSS
cve
cveadded 2018/02/21 4:29 p.m.41 views

CVE-2016-0348

Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.

8CVSS7.6AI score0.00179EPSS
cve
cveadded 2017/02/01 8:59 p.m.41 views

CVE-2016-5980

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00227EPSS
cve
cveadded 2017/07/21 8:29 p.m.41 views

CVE-2017-1373

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.

8.8CVSS8.3AI score0.00598EPSS
cve
cveadded 2016/07/02 2:59 p.m.40 views

CVE-2016-0387

Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.

5.4CVSS4.9AI score0.00168EPSS
cve
cveadded 2017/03/31 6:59 p.m.40 views

CVE-2017-1171

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.

4.3CVSS4.6AI score0.0019EPSS
cve
cveadded 2017/04/05 6:59 p.m.40 views

CVE-2017-1180

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.

5.3CVSS5.2AI score0.0019EPSS
cve
cveadded 2016/07/01 1:59 a.m.39 views

CVE-2016-0362

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.

7.7CVSS7.1AI score0.00138EPSS
cve
cveadded 2016/07/01 1:59 a.m.39 views

CVE-2016-0374

The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.

8.8CVSS8.3AI score0.00599EPSS
cve
cveadded 2016/07/02 2:59 p.m.39 views

CVE-2016-2882

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.

4.3CVSS4AI score0.00155EPSS
cve
cveadded 2017/03/27 10:59 p.m.39 views

CVE-2016-9737

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.

5.4CVSS5.2AI score0.00227EPSS
cve
cveadded 2014/10/19 1:55 a.m.38 views

CVE-2014-4836

Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
cve
cveadded 2014/10/19 1:55 a.m.37 views

CVE-2014-4838

Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
cve
cveadded 2017/03/27 10:59 p.m.37 views

CVE-2017-1153

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

8.8CVSS8.5AI score0.00528EPSS
cve
cveadded 2014/10/19 1:55 a.m.35 views

CVE-2014-4840

IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.

7.5CVSS7.7AI score0.02161EPSS
cve
cveadded 2018/02/02 9:29 p.m.35 views

CVE-2016-0300

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.

5.5CVSS5.3AI score0.00138EPSS
cve
cveadded 2014/10/29 10:55 a.m.34 views

CVE-2014-4839

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that ...

6CVSS6.2AI score0.00088EPSS
cve
cveadded 2015/01/29 1:59 a.m.33 views

CVE-2014-8893

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
cve
cveadded 2016/07/02 2:59 p.m.33 views

CVE-2016-2883

Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.

5.4CVSS4.9AI score0.00168EPSS
cve
cveadded 2015/01/29 1:59 a.m.32 views

CVE-2014-8894

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

4.9CVSS6.3AI score0.0018EPSS
cve
cveadded 2014/10/19 1:55 a.m.30 views

CVE-2014-4837

Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS