Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-4868 |
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. Published: July 30, 2023; 10:15:09 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2016-0312 |
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. Published: February 02, 2018; 4:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-8895 |
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. Published: January 28, 2015; 8:59:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8894 |
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter. Published: January 28, 2015; 8:59:01 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-8893 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: January 28, 2015; 8:59:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-4840 |
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. Published: October 18, 2014; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-4838 |
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: October 18, 2014; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-4837 |
Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: October 18, 2014; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-4836 |
Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: October 18, 2014; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-6726 |
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: May 07, 2014; 6:55:03 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-4003 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp. Published: August 29, 2013; 8:07:54 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-5950 |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-5949 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5948 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Published: April 23, 2013; 7:47:35 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |