{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-02T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV83657", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV83657", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0386", "datePublished": "2016-07-02T14:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2016-07-02T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6282A028-3DB7-4CE3-8479-2B254EE20C61", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D387C439-0C1C-4419-9115-F830414AC6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A44316ED-571F-4E4B-BC02-CED0E09D175E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B422964C-DAC7-4896-9368-AFDC6BE64F87", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "31E156E1-EA1D-463B-AC55-964D1897BB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E0AC53E-0F04-4F25-9F9C-AFF998C1CEB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "648D0E41-BA9F-4798-A5E4-413F7D895B7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "110B75DA-3B5D-4B2A-A243-C02F04A69DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3CFF6D9D-633A-414B-9A81-9627F1006F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FAD7EB7-9157-4FA1-822D-C5C704136FD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "59161DED-CC0F-4BD2-BCAD-6D3E766FAB8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A818249-26BA-4575-9805-3AC8C038B25B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC985F26-E915-49CA-951A-7E3FE59E5377", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DD18A13-F399-4E83-9976-B7C6FB41B236", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D0F8B24-227A-42F2-A6FC-03AFB588CCCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E748299-7540-4141-B5DC-97C5C18FF162", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "13E00EA8-D6B3-464A-A7E8-F186FE4A3DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "00554970-B211-438A-A51C-5CF618431886", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "78DD7794-25C5-4C04-9CFD-4CA9EAA4CA2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "220168B8-68E8-45CA-A351-7A07415495CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE1B5398-7C51-4834-AB7A-F284C23C95FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "627B09F8-666C-4D29-B415-7488DC54CD06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en IBM TRIRIGA Application Platform 3.3 en versiones anteriores a 3.3.2.6, 3.4 en versiones anteriores a 3.4.2.4 y 3.5 en versiones anteriores a 3.5.0.2 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de los administradores para peticiones de borrado de empleados."}], "id": "CVE-2016-0386", "lastModified": "2016-07-06T11:52:08.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-02T14:59:00.147", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}