Vulnerabilities > IBM > Tririga Application Platform > 3.5.0.1

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5980 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2016-07-02 CVE-2016-2883 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.
network
low complexity
ibm CWE-79
5.4
5.4
2016-07-02 CVE-2016-2882 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
network
low complexity
ibm CWE-200
4.3
4.3
2016-07-02 CVE-2016-0387 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
network
low complexity
ibm CWE-79
5.4
5.4
2016-07-02 CVE-2016-0386 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
network
low complexity
ibm CWE-352
8.0
8.0
2016-07-01 CVE-2016-0374 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
network
low complexity
ibm CWE-264
8.8
8.8
2016-07-01 CVE-2016-0362 Unspecified vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.
network
low complexity
ibm
7.7
7.7