CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. IBM TRIRIGA v3.0, v4.0 y v4.4 podrían permitir a un atacante remoto obtener información sensible cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0299
https://notcve.org/view.php?id=CVE-2016-0299
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que atacantes remotos obtengan información sensible mediante vectores relacionados con una consulta a la base de datos. IBM X-Force ID: 111382. • http://www-01.ibm.com/support/docview.wss?uid=swg21981155 https://exchange.xforce.ibmcloud.com/vulnerabilities/111382 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0343
https://notcve.org/view.php?id=CVE-2016-0343
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que usuarios autenticados remotos obtengan información sensible mediante la lectura de un mensaje de error. IBM X-Force ID: 111784. • http://www-01.ibm.com/support/docview.wss?uid=swg21980229 https://exchange.xforce.ibmcloud.com/vulnerabilities/111784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0344
https://notcve.org/view.php?id=CVE-2016-0344
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente My Reports en IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4. anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 111785. • http://exchange.xforce.ibmcloud.com/vulnerabilities/111785 http://www-01.ibm.com/support/docview.wss?uid=swg21980234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0345
https://notcve.org/view.php?id=CVE-2016-0345
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. IBM TRIRIGA Application Platform, en versiones 3.3 anteriores a la 3.3.2.6, versiones 3.4 anteriores a la 3.4.2.3 y versiones 3.5 anteriores a la 3.5.0.1, permite que usuarios autenticados remotos obtengan la ruta de instalación mediante vectores relacionados con la representación de informes Birt. IBM X-Force ID: 111786. • http://exchange.xforce.ibmcloud.com/vulnerabilities/111786 http://www-01.ibm.com/support/docview.wss?uid=swg21980233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •