596 matches found
CVE-2015-0142
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function...
CVE-2015-0145
Affected product: IBM OpenPages GRC Platform (versions 6.2 through 7.1). The CVE-2015-0145 issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by improper validation of user-supplied input that allows remote authenticated users to hijack the authentication of arbitrary users for cer...
IBM OpenPages GRC Platform Information Disclosure Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. IBM OpenPages GRC Platform has a security vulnerability that allows a remote attacker to submit a special request to obtain sensitive information from an erro...
IBM OpenPages GRC Platform Cross-Site Request Forgery Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. A cross-site request forgery vulnerability exists in IBM OpenPages GRC Platform that allows a remote attacker to construct a malicious URI, trick a user into...
IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. A cross-site scripting vulnerability exists in IBM OpenPages GRC Platform, which allows remote attackers to exploit the vulnerability to inject malicious scri...
IBM OpenPages GRC Platform Access Check Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform did not perform adequate access checks for System Administration Mode, allowing a remote attacker to exploit a vulnerability th...
IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2015-06298)
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. A cross-site scripting vulnerability exists in IBM OpenPages GRC Platform, which allows remote attackers to exploit the vulnerability to inject malicious scri...
IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors...
CVE-2011-1381
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors...
Code injection
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors...
Design/Logic Flaw
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors...
CVE-2011-1381
Technical details for CVE-2011-1381 are not present in the provided documents. The entries only state a generic access-bypass vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4; monitor for future updates.
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 before IF4 is affected by CVE-2014-3011. The vulnerability allows remote attackers to perform link injection via unspecified vectors, with network access, low attack complexity, no authentication required, and potential partial integrity impact (I). No specific ...