109 matches found
CVE-2015-0142
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service maintenance-mode transition and data-storage outage by calling the System Administration Mode function...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-0141
CVE-2015-0141 affects IBM OpenPages GRC Platform (versions 6.2–7.1). The root cause is insufficient access checks on JSON requests, allowing an authenticated user to modify arbitrary user filters. The vulnerability is documented with multiple related CVEs in IBM’s 2018 bulletin, which lists affec...
CVE-2015-0145
Cross-site request forgery CSRF vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...
IBM OpenPages GRC Platform Cross-Site Request Forgery Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. A cross-site request forgery vulnerability exists in IBM OpenPages GRC Platform that allows a remote attacker to construct a malicious URI, trick a user into...
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors...
CVE-2011-1381
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors...
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors...