CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. IBM TRIRIGA v3.0, v4.0 y v4.4 podrían permitir a un atacante remoto obtener información sensible cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2017-1465
https://notcve.org/view.php?id=CVE-2017-1465
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. IBM TRIRIGA 3.2, 3.3, 3.4 y 3.5 podría permitir que un atacante remoto realizase un secuestro de clic a la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y, probablemente, lanzar más ataques contra esta. • http://www.ibm.com/support/docview.wss?uid=swg22006184 https://exchange.xforce.ibmcloud.com/vulnerabilities/128464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5950
https://notcve.org/view.php?id=CVE-2012-5950
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8 permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios de solicitudes que modifican los registros de datos a través de vectores relacionados (1) el html/es/default/ o (2) sqa/html/es/default/proceso/comm/saveProps.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628849 https://exchange.xforce.ibmcloud.com/vulnerabilities/80630 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5949
https://notcve.org/view.php?id=CVE-2012-5949
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8, que permiten a atacantes remotos inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores relacionados con (1) el html/es/default/, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/es/default/reportTemplate/reportTemplateOrderCols.jsp, o (5) a/html/en/default/om2/omObjectFinder.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628851 http://www-01.ibm.com/support/docview.wss?uid=swg21628852 https://exchange.xforce.ibmcloud.com/vulnerabilities/80629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5948
https://notcve.org/view.php?id=CVE-2012-5948
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y 8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados (1) WebProcess.srv, (2) el html/es/default/, (3) Widget/recurso, (4) birt/conjunto de marcos, o (5) ganttlib/gantt-jws.jnlp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628847 https://exchange.xforce.ibmcloud.com/vulnerabilities/80628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •