CVE-2020-4277 — Information Exposure via Error Message in IBM Tririga Application Platform

CWE-209 — Information Exposure via Error Message CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tririga Application Platform

Timeline

PublishedApr 17

Latest updateMay 24

Description

IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/tririga_application_platform3.5.3, 3.6.1+1

▶NVDibm/tririga_application_platform3.5.3, 3.6.1.0+1

🔴Vulnerability Details

GHSA

GHSA-qcf5-r7vw-m375: IBM TRIRIGA Application Platform 3↗2022-05-24

▶

CVEList

CVE-2020-4277: IBM TRIRIGA Application Platform 3↗2020-04-17

▶