CVE-2016-0300

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 66.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tririga Application Platform

Timeline

PublishedFeb 2

Latest updateMay 14

Description

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDibm/tririga_application_platform20 versions+19

🔴Vulnerability Details

GHSA

GHSA-99cp-4mqf-p6x8: IBM TRIRIGA Application Platform 3↗2022-05-14

▶

CVEList

CVE-2016-0300: IBM TRIRIGA Application Platform 3↗2018-02-02

▶

💬Community

Bugzilla

CVE-2016-4972 openstack-murano: RCE via usage of insecure YAML tags↗2016-06-09

▶