595 matches found
CVE-2016-3048
CVE-2016-3048 affects IBM OpenPages GRC Platform versions 7.1, 7.2, and 7.3, with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript within a trusted session. The IBM security bulletin for OpenPages confirms XSS in multiple CVEs (including CVE-2...
CVE-2017-1300
CVE-2017-1300 concerns cross-site request forgery in IBM OpenPages GRC Platform versions 7.1–7.3. The vulnerability could allow a malicious action to be executed within a trusted user session. The IBM advisory states affected components as the OpenPages GRC Platform and provides remediation by ap...
CVE-2017-1148
The CVE-2017-1148 entry applies to IBM OpenPages GRC Platform versions 7.2–7.3 with the OpenPages Loss Event Entry (LEE) application. The root cause is described as an insecure object reference leading to information disclosure of sensitive data, including private APIs, which could be leveraged for ...
CVE-2017-1290
IBM OpenPages GRC Platform versions 7.1–7.3 are reported vulnerable to cross-site scripting, allowing an attacker to inject JavaScript into the Web UI. The issue affects OpenPages GRC Platform 7.1, 7.2, and 7.3 as described in IBM’s bulletin. Remediation is provided via versioned fixes: 7.3.0.1 o...
IBM OpenPages GRC Platform HTML Injection Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms from IBM (United States) for managing enterprise risk and compliance challenges. The platform provides a set of core services and functional components across the risk and compliance domains, including...
CVE-2016-3049
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712...
Design/Logic Flaw
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712...
CVE-2016-3049
IBM OpenPages GRC Platform is affected by CVE-2016-3049: HTML injection in versions 7.1–7.3. A remote attacker could inject HTML that executes in the victim’s browser within the hosting site’s context. IBM’s bulletin lists fixes per version: 7.3 Fix Pack 1 (7.3.0.1) or later, 7.2 Fix Pack 3 (7.2....
CVE-2015-5049
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-5049
IBM OpenPages GRC Platform is affected by a blind SQL injection in the API (CVE-2015-5049). Affected versions are OpenPages GRC Platform 7.1 (before 7.1.0.1 IF6) and 7.0 (before 7.0.0.4 IF3). An attacker could remotely craft SQL statements to view, add, modify, or delete data in the backend datab...
IBM OpenPages GRC Platform SQL Injection Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms from IBM (United States) for managing enterprise risk and compliance challenges. The platform provides a set of core services and functional components across the risk and compliance domains, including...
CVE-2015-0145
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-0144
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916...
CVE-2015-0143
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages...