CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0344
https://notcve.org/view.php?id=CVE-2016-0344
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente My Reports en IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4. anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 111785. • http://exchange.xforce.ibmcloud.com/vulnerabilities/111785 http://www-01.ibm.com/support/docview.wss?uid=swg21980234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0345
https://notcve.org/view.php?id=CVE-2016-0345
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que usuarios autenticados remotos obtengan la ruta de instalación mediante vectores relacionados con la representación de informes Birt. IBM X-Force ID: 111786. • http://exchange.xforce.ibmcloud.com/vulnerabilities/111786 http://www-01.ibm.com/support/docview.wss?uid=swg21980233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0312
https://notcve.org/view.php?id=CVE-2016-0312
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. IBM TRIRIGA Application Platform en versiones anteriores a la 3.3.2 permite que los atacantes remotos obtengan información sensible mediante vectores relacionados con la concesión de acceso no autenticado a Document Manager. IBM X-Force ID: 111486. • http://www-01.ibm.com/support/docview.wss?uid=swg21979762 https://exchange.xforce.ibmcloud.com/vulnerabilities/111486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-0300
https://notcve.org/view.php?id=CVE-2016-0300
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a 3.3.2.6; versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, podría permitir que atacantes remotos accedan a páginas JSP arbitrarias mediante vectores relacionados con la validación incorrecta de entradas. IBM X-Force ID: 111412. • http://www-01.ibm.com/support/docview.wss?uid=swg21979760 https://exchange.xforce.ibmcloud.com/vulnerabilities/111412 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0342
https://notcve.org/view.php?id=CVE-2016-0342
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. IBM TRIRIGA Application Platform en versiones 3.3 anteriores a la 3.3.2.6, 3.4 anteriores a la 3.4.2.3 y 3.5 anteriores a la 3.5.0.1 permite que los usuarios autenticados remotos lean o modifiquen informes arbitrarios aprovechándose de una concesión incorrecta de acceso. IBM X-Force ID: 111783. • http://www-01.ibm.com/support/docview.wss?uid=swg21980252 https://exchange.xforce.ibmcloud.com/vulnerabilities/111783 • CWE-284: Improper Access Control •