Security Bulletin: IBM OpenPages Platform with Database is affected by multiple vulnerabilities

Summary Security vulnerabilities exist in all versions of IBM OpenPages with Database. These vulnerabilities were reported in 01/20/2015 X-Force Report . Vulnerability Details CVEID: CVE-2014-6514 DESCRIPTION: An unspecified vulnerability in Oracle Database related to the PL/SQL component could...

Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049)

Summary A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrival or manipulation of information in the database. Vulnerability Details CVEID: CVE-2015-5049 DESCRIPTION: IBM OpenPages GRC Platform is vulnerable to SQL injection. A remote attack...

Security Bulletin: Multiple potential vulnerabilites in IBM OpenPages GRC Platform

Summary The following security vulnerabilities have been identified in versions of IBM OpenPagesGRC Platform. See Vulnerability Details section for more information. Vulnerability Details Customers who have IBM OpenPages GRC platform are potentially impacted by the following vulnerabilities: CVEI...

Security Bulletin: Vulnerability in RC4 stream cipher affects OpenPages GRC Platform with Application Server (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenPages GRC Platform with Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Multiple vulnerabilities in IBM OpenPages Platform with Application Server

Summary The following security vulnerabilities have been identified in versions of IBM OpenPages with Application Server. See Vulnerability Details for CVE IDs. Vulnerability Details Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerabilities...

Security Bulletin: IBM OpenPages Platform with Application Server vulnerabilities.

Summary The following security vulnerability exists in all versions of IBM OpenPages with Application Server: See Vulnerability Details for CVE ID. Vulnerability Details DESCRIPTION: Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerability...

Security Bulletin: IBM OpenPages GRC Platform Apache Struts V1 ClassLoader vulnerability(CVE-2014-0114)

Summary IBM OpenPages GRC Platform has a potential security exposure due to a vulnerability in Apache Struts version 1. Vulnerability Details Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader...

IBM OpenPages GRC Platform Information Disclosure Vulnerability (CNVD-2017-34238)

The IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms from IBM USA for managing enterprise risk and compliance challenges. The platform provides a set of core services and functional components across the risk and compliance domains, including operational risk,...

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34427)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34428)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34429)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

IBM OpenPages GRC Platform Information Disclosure Vulnerability (CNVD-2017-34430)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

IBM OpenPages GRC Platform Cross-Site Request Forgery Vulnerability (CNVD-2017-34431)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

CVE-2016-3048

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVE-2016-3048

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVE-2017-1300

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162...

CVE-2017-1333

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241...

CVE-2017-1148

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry LEE application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201...

CVE-2017-1290

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVE-2017-1147

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...