CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2016-0312
https://notcve.org/view.php?id=CVE-2016-0312
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.
• http://www-01.ibm.com/support/docview.wss?uid=swg21979762 https://exchange.xforce.ibmcloud.com/vulnerabilities/111486
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8893
https://notcve.org/view.php?id=CVE-2014-8893
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
• http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694767 https://exchange.xforce.ibmcloud.com/vulnerabilities/99012
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8895
https://notcve.org/view.php?id=CVE-2014-8895
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
• http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694771 http://www.securityfocus.com/bid/72430 https://exchange.xforce.ibmcloud.com/vulnerabilities/99014
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-8894
https://notcve.org/view.php?id=CVE-2014-8894
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
• http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694772 http://www.securityfocus.com/bid/72408 https://exchange.xforce.ibmcloud.com/vulnerabilities/99013