Vulnerabilities > IBM > Tririga Application Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-02 | CVE-2016-0300 | Improper Input Validation vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. | 5.5 |
| 2017-07-21 | CVE-2017-1374 | Information Exposure vulnerability in IBM Tririga Application Platform Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. | 4.0 |
| 2017-07-21 | CVE-2017-1373 | Unspecified vulnerability in IBM Tririga Application Platform Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. | 6.5 |
| 2017-07-21 | CVE-2017-1371 | Unspecified vulnerability in IBM Tririga Application Platform Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. | 6.5 |
| 2017-03-31 | CVE-2017-1171 | Remote Privilege Escalation vulnerability in IBM TRIRIGA Application Platform The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. | 4.0 |
| 2017-03-27 | CVE-2017-1153 | Remote Privilege Escalation vulnerability in IBM TRIRIGA Applications IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. | 6.5 |
| 2017-02-01 | CVE-2016-6000 | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. | 4.3 |
| 2016-11-30 | CVE-2016-2917 | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5 The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | 6.5 |
| 2016-07-02 | CVE-2016-2882 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | 4.0 |
| 2016-07-02 | CVE-2016-0386 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | 6.0 |