CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. IBM TRIRIGA v3.0, v4.0 y v4.4 podrían permitir a un atacante remoto obtener información sensible cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4277
https://notcve.org/view.php?id=CVE-2020-4277
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993. IBM TRIRIGA Application Platform versiones 3.5.3 y 3.6.1, divulga información confidencial en mensajes de error que podrían ayudar a un atacante a formular futuros ataques. IBM X-Force ID: 175993. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175993 https://www.ibm.com/support/pages/node/6193467 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5950
https://notcve.org/view.php?id=CVE-2012-5950
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8 permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios de solicitudes que modifican los registros de datos a través de vectores relacionados (1) el html/es/default/ o (2) sqa/html/es/default/proceso/comm/saveProps.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628849 https://exchange.xforce.ibmcloud.com/vulnerabilities/80630 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5949
https://notcve.org/view.php?id=CVE-2012-5949
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8, que permiten a atacantes remotos inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores relacionados con (1) el html/es/default/, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/es/default/reportTemplate/reportTemplateOrderCols.jsp, o (5) a/html/en/default/om2/omObjectFinder.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628851 http://www-01.ibm.com/support/docview.wss?uid=swg21628852 https://exchange.xforce.ibmcloud.com/vulnerabilities/80629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5948
https://notcve.org/view.php?id=CVE-2012-5948
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y 8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados (1) WebProcess.srv, (2) el html/es/default/, (3) Widget/recurso, (4) birt/conjunto de marcos, o (5) ganttlib/gantt-jws.jnlp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628847 https://exchange.xforce.ibmcloud.com/vulnerabilities/80628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •