Vulnerabilities > IBM > Tririga Application Platform > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-07 | CVE-2023-27876 | XXE vulnerability in IBM Tririga Application Platform 4.0 IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2020-04-17 | CVE-2020-4277 | Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. | 7.5 |
| 2019-05-07 | CVE-2019-4208 | XXE vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-02-21 | CVE-2016-0348 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
| 2018-02-02 | CVE-2016-0312 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. | 7.5 |
| 2017-07-21 | CVE-2017-1373 | Unspecified vulnerability in IBM Tririga Application Platform Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. | 8.8 |
| 2017-07-21 | CVE-2017-1371 | Unspecified vulnerability in IBM Tririga Application Platform Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. | 8.8 |
| 2017-03-27 | CVE-2017-1153 | Unspecified vulnerability in IBM Tririga Application Platform IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. | 8.8 |
| 2016-11-30 | CVE-2016-2917 | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5 The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | 8.8 |
| 2016-07-02 | CVE-2016-0386 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | 8.0 |