) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:tririga_application_platform:8.0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2012-5950 |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2012-5949 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5948 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |