Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Information Disclosure
Ratpack
NVD
GitHub
CVSS 3.0
3.7
EPSS
1.3%
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
IBM
Information Disclosure
Tririga Application Platform
NVD
CVSS 3.1
3.3
EPSS
0.3%