CVE-2016-0386

HIGH

IBM TRIRIGA Application Platform <3.3.2.6-<3.5.0.2 - CSRF

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657

Scores

CVSS v3 8.0
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (22)
ibm/tririga_application_platform 3.3.0.0
ibm/tririga_application_platform 3.3.0.1
ibm/tririga_application_platform 3.3.0.2
ibm/tririga_application_platform 3.3.1.0
ibm/tririga_application_platform 3.3.1.1
ibm/tririga_application_platform 3.3.1.2
ibm/tririga_application_platform 3.3.1.3
ibm/tririga_application_platform 3.3.2.0
ibm/tririga_application_platform 3.3.2.1
ibm/tririga_application_platform 3.3.2.3
... and 12 more
Published Jul 02, 2016
Tracked Since Feb 18, 2026