Vulnerabilities > IBM > Tririga Application Platform > 3.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2020-4868 Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3
2018-02-02 CVE-2016-0312 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager.
network
low complexity
ibm CWE-200
5.0
5.0
2015-01-29 CVE-2014-8895 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
network
ibm CWE-264
4.3
4.3
2015-01-29 CVE-2014-8894 Open Redirection vulnerability in IBM Tririga Application Platform
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
network
ibm
4.9
4.9
2015-01-29 CVE-2014-8893 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-10-19 CVE-2014-4840 Improper Input Validation vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.
network
low complexity
ibm CWE-20
7.5
7.5
2014-10-19 CVE-2014-4838 Cross-Site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-10-19 CVE-2014-4837 Cross-Site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-10-19 CVE-2014-4836 Cross-Site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-05-07 CVE-2013-6726 Cross-Site Scripting vulnerability in IBM Tririga Application Platform
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5