Vulnerabilities > IBM > Tririga Application Platform > 3.3.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-02 | CVE-2016-2882 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | 4.0 |
2016-07-02 | CVE-2016-0387 | Cross-site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | 3.5 |
2016-07-02 | CVE-2016-0386 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | 6.0 |
2016-07-01 | CVE-2016-0374 | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors. | 6.5 |
2016-07-01 | CVE-2016-0362 | Security Bypass vulnerability in IBM TRIRIGA Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service. | 4.0 |
2014-10-29 | CVE-2014-4839 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2014-10-19 | CVE-2014-4840 | Improper Input Validation vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | 7.5 |
2014-10-19 | CVE-2014-4838 | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-19 | CVE-2014-4837 | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-19 | CVE-2014-4836 | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |