595 matches found
CVE-2015-0142
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function...
CVE-2015-0141
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request...
Design/Logic Flaw
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Code injection
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function...
Code injection
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144...
CVE-2014-8916
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144...
CVE-2015-0145
Affected product: IBM OpenPages GRC Platform (versions 6.2 through 7.1). The CVE-2015-0145 issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by improper validation of user-supplied input that allows remote authenticated users to hijack the authentication of arbitrary users for cer...
CVE-2015-0143
IBM OpenPages GRC Platform is vulnerable to information disclosure via error messages for authenticated users. Affected versions include 6.2 through 7.1 (specifically 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1). The underlying issue is exposure of sensitive infor...
CVE-2015-0141
CVE-2015-0141 affects IBM OpenPages GRC Platform (versions 6.2–7.1). The root cause is insufficient access checks on JSON requests, allowing an authenticated user to modify arbitrary user filters. The vulnerability is documented with multiple related CVEs in IBM’s 2018 bulletin, which lists affec...
CVE-2014-8916
CVE-2014-8916 affects IBM OpenPages GRC Platform 6.2–7.1. The vulnerability is a cross-site scripting (XSS) issue caused by improper validation of user-supplied input, exploitable by remote authenticated users through a crafted URL to run script in a victim’s browser. Affected versions include 6....
CVE-2015-0142
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function...
CVE-2015-0145
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2014-8916
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144...
CVE-2015-0143
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages...
CVE-2015-0141
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request...
CVE-2015-0144
IBM OpenPages GRC Platform is affected by CVE-2015-0144 (XSS) across versions 6.2 (before IF7) through 7.1 (before FP1). The issue arises from improper validation of user-supplied input, allowing a remote authenticated user to inject and execute web scripts via a crafted URL, potentially stealing...
CVE-2015-0144
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916...