Lucene search

IbmCVE-2012-5949

HistoryApr 23, 2013 - 11:47 a.m.

CVE-2012-5949

2013-04-2311:47:35

CWE-79

ibm

web.nvd.nist.gov

cve-2012-5949

cross-site scripting

xss

ibm

tririga

application platform

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.

Affected configurations

Nvd

Node

ibmtririga_application_platformMatch2.1

ibmtririga_application_platformMatch2.5

ibmtririga_application_platformMatch2.6

ibmtririga_application_platformMatch2.7

ibmtririga_application_platformMatch3.0

ibmtririga_application_platformMatch3.1

ibmtririga_application_platformMatch3.2

ibmtririga_application_platformMatch3.2.1

ibmtririga_application_platformMatch8.0

VendorProductVersionCPE
ibmtririga_application_platform2.1cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*
ibmtririga_application_platform2.5cpe:2.3:a:ibm:tririga_application_platform:2.5:*:*:*:*:*:*:*
ibmtririga_application_platform2.6cpe:2.3:a:ibm:tririga_application_platform:2.6:*:*:*:*:*:*:*
ibmtririga_application_platform2.7cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
ibmtririga_application_platform3.0cpe:2.3:a:ibm:tririga_application_platform:3.0:*:*:*:*:*:*:*
ibmtririga_application_platform3.1cpe:2.3:a:ibm:tririga_application_platform:3.1:*:*:*:*:*:*:*
ibmtririga_application_platform3.2cpe:2.3:a:ibm:tririga_application_platform:3.2:*:*:*:*:*:*:*
ibmtririga_application_platform3.2.1cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
ibmtririga_application_platform8.0cpe:2.3:a:ibm:tririga_application_platform:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tririga_application_platform	2.1	cpe:2.3:a:ibm:tririga_application_platform:2.1:::::::*
ibm	tririga_application_platform	2.5	cpe:2.3:a:ibm:tririga_application_platform:2.5:::::::*
ibm	tririga_application_platform	2.6	cpe:2.3:a:ibm:tririga_application_platform:2.6:::::::*
ibm	tririga_application_platform	2.7	cpe:2.3:a:ibm:tririga_application_platform:2.7:::::::*
ibm	tririga_application_platform	3.0	cpe:2.3:a:ibm:tririga_application_platform:3.0:::::::*
ibm	tririga_application_platform	3.1	cpe:2.3:a:ibm:tririga_application_platform:3.1:::::::*
ibm	tririga_application_platform	3.2	cpe:2.3:a:ibm:tririga_application_platform:3.2:::::::*
ibm	tririga_application_platform	3.2.1	cpe:2.3:a:ibm:tririga_application_platform:3.2.1:::::::*
ibm	tririga_application_platform	8.0	cpe:2.3:a:ibm:tririga_application_platform:8.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21628851

www-01.ibm.com/support/docview.wss?uid=swg21628852

exchange.xforce.ibmcloud.com/vulnerabilities/80629

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for CVE-2012-5949