CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. IBM TRIRIGA v3.0, v4.0 y v4.4 podrían permitir a un atacante remoto obtener información sensible cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0299
https://notcve.org/view.php?id=CVE-2016-0299
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que atacantes remotos obtengan información sensible mediante vectores relacionados con una consulta a la base de datos. IBM X-Force ID: 111382. • http://www-01.ibm.com/support/docview.wss?uid=swg21981155 https://exchange.xforce.ibmcloud.com/vulnerabilities/111382 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0343
https://notcve.org/view.php?id=CVE-2016-0343
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que usuarios autenticados remotos obtengan información sensible mediante la lectura de un mensaje de error. IBM X-Force ID: 111784. • http://www-01.ibm.com/support/docview.wss?uid=swg21980229 https://exchange.xforce.ibmcloud.com/vulnerabilities/111784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0348
https://notcve.org/view.php?id=CVE-2016-0348
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2 y 3.4 permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS. IBM X-Force ID: 111813. • http://www-01.ibm.com/support/docview.wss?uid=swg21980237 https://exchange.xforce.ibmcloud.com/vulnerabilities/111813 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0344
https://notcve.org/view.php?id=CVE-2016-0344
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente My Reports en IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4. anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 111785. • http://exchange.xforce.ibmcloud.com/vulnerabilities/111785 http://www-01.ibm.com/support/docview.wss?uid=swg21980234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •