National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:tririga_application_platform:3.3.2.5
There are 23 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-0299

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382.

Published: February 28, 2018; 12:29:00 PM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2016-0345

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786.

Published: February 21, 2018; 11:29:00 AM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-0344

Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785.

Published: February 21, 2018; 11:29:00 AM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-0343

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784.

Published: February 21, 2018; 11:29:00 AM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-0342

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783.

Published: February 02, 2018; 04:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 5.5 MEDIUM
CVE-2016-0300

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.

Published: February 02, 2018; 04:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 5.5 MEDIUM
CVE-2017-1465

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.

Published: December 07, 2017; 10:29:00 AM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1374

Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.

Published: July 21, 2017; 04:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1373

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.

Published: July 21, 2017; 04:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-1372

IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865.

Published: July 21, 2017; 04:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1371

Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.

Published: July 21, 2017; 04:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-1180

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.

Published: April 05, 2017; 02:59:00 PM -04:00
V3: 5.3 MEDIUM
V2: 3.5 LOW
CVE-2017-1171

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.

Published: March 31, 2017; 02:59:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1153

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

Published: March 27, 2017; 06:59:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2016-9737

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.

Published: March 27, 2017; 06:59:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-6000

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Published: February 01, 2017; 03:59:01 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-5980

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Published: February 01, 2017; 03:59:01 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-2883

Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.

Published: July 02, 2016; 10:59:16 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-2882

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.

Published: July 02, 2016; 10:59:15 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-0387

Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.

Published: July 02, 2016; 10:59:01 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW