Vulnerabilities > IBM > Tririga Application Platform > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-07 CVE-2023-27876 Unspecified vulnerability in IBM Tririga Application Platform 4.0
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm
7.1
2020-04-17 CVE-2020-4277 Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks.
network
low complexity
ibm CWE-209
7.5
2019-05-07 CVE-2019-4208 XXE vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-02-21 CVE-2016-0348 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.0
2018-02-02 CVE-2016-0312 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager.
network
low complexity
ibm CWE-200
7.5
2017-07-21 CVE-2017-1373 Unspecified vulnerability in IBM Tririga Application Platform
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to.
network
low complexity
ibm
8.8
2017-07-21 CVE-2017-1371 Unspecified vulnerability in IBM Tririga Application Platform
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to.
network
low complexity
ibm
8.8
2017-03-27 CVE-2017-1153 Unspecified vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to.
network
low complexity
ibm
8.8
2016-11-30 CVE-2016-2917 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5
The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors.
network
low complexity
ibm CWE-264
8.8
2016-07-02 CVE-2016-0386 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
network
low complexity
ibm CWE-352
8.0