Vulnerabilities > IBM > Tririga Application Platform > 3.4.1.0

DATE CVE VULNERABILITY TITLE RISK
2016-07-02 CVE-2016-0387 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
network
ibm CWE-79
3.5
3.5
2016-07-01 CVE-2016-0374 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
6.5
2016-07-01 CVE-2016-0362 Security Bypass vulnerability in IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.
network
low complexity
ibm
4.0
4.0
2015-01-29 CVE-2014-8895 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
network
ibm CWE-264
4.3
4.3
2015-01-29 CVE-2014-8894 Open Redirection vulnerability in IBM Tririga Application Platform
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
network
ibm
4.9
4.9
2015-01-29 CVE-2014-8893 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5