SB2023080305 - Multiple vulnerabilities in IBM TRIRIGA Application Platform

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023080305

SB2023080305 - Multiple vulnerabilities in IBM TRIRIGA Application Platform

Published: August 3, 2023

Security Bulletin ID SB2023080305
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2016-0003)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.



2) Desereliazation of untrusted data (CVE-ID: CVE-2016-1000031)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists in DiskFileItem class of the FileUpload library due to deserialization of untrusted data. A remote attacker can execute arbitrary code under the context of the current process.

Successful exploitation of the vulnerability may result in system compromise.

3) Information disclosure (CVE-ID: CVE-2016-0248)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive query-string information from SSL sessions via unspecified vectors.


Remediation

Install update from vendor's website.

References