CVE-2016-0386
HIGHIBM TRIRIGA Application Platform <3.3.2.6-<3.5.0.2 - CSRF
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657
Scores
CVSS v3
8.0
EPSS
0.0049
EPSS Percentile
38.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (22)
ibm/tririga_application_platform
3.3.0.0
ibm/tririga_application_platform
3.3.0.1
ibm/tririga_application_platform
3.3.0.2
ibm/tririga_application_platform
3.3.1.0
ibm/tririga_application_platform
3.3.1.1
ibm/tririga_application_platform
3.3.1.2
ibm/tririga_application_platform
3.3.1.3
ibm/tririga_application_platform
3.3.2.0
ibm/tririga_application_platform
3.3.2.1
ibm/tririga_application_platform
3.3.2.3
... and 12 more
Published
Jul 02, 2016
Tracked Since
Feb 18, 2026