5 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. IBM TRIRIGA Application Platform en versiones anteriores a la 3.3.2 permite que los atacantes remotos obtengan información sensible mediante vectores relacionados con la concesión de acceso no autenticado a Document Manager. IBM X-Force ID: 111486. • http://www-01.ibm.com/support/docview.wss?uid=swg21979762 https://exchange.xforce.ibmcloud.com/vulnerabilities/111486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x anterior a v3.3.1.1, y v8, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarias a traves de (1) entrada sin especificar en WebProcess.srv, (2) entrada sin especificar en html/en/default/actionHandler/queryHandler.jsp, o (3) entrada sin especificar en una acción portalSectionId en html/en/default/reportTemplate/hGridTopQuery.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21646694 https://exchange.xforce.ibmcloud.com/vulnerabilities/85266 https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_tririga_application_platform_has_potential_cross_site_scripting_vulnerabilities_in_various_url_s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8 permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios de solicitudes que modifican los registros de datos a través de vectores relacionados (1) el html/es/default/ o (2) sqa/html/es/default/proceso/comm/saveProps.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628849 https://exchange.xforce.ibmcloud.com/vulnerabilities/80630 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8, que permiten a atacantes remotos inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores relacionados con (1) el html/es/default/, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/es/default/reportTemplate/reportTemplateOrderCols.jsp, o (5) a/html/en/default/om2/omObjectFinder.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628851 http://www-01.ibm.com/support/docview.wss?uid=swg21628852 https://exchange.xforce.ibmcloud.com/vulnerabilities/80629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y 8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados (1) WebProcess.srv, (2) el html/es/default/, (3) Widget/recurso, (4) birt/conjunto de marcos, o (5) ganttlib/gantt-jws.jnlp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628847 https://exchange.xforce.ibmcloud.com/vulnerabilities/80628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •