Lucene search

K
IbmOpenpages Grc Platform

24 matches found

CVE
CVE
added 2024/08/22 11:15 a.m.70 views

CVE-2024-35151

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

6.5CVSS6.2AI score0.00081EPSS
CVE
CVE
added 2024/09/10 3:15 p.m.54 views

CVE-2024-27257

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

4.3CVSS4.5AI score0.00074EPSS
CVE
CVE
added 2025/01/09 2:15 p.m.52 views

CVE-2024-43176

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

5.4CVSS6AI score0.00037EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.47 views

CVE-2017-1148

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.

5.3CVSS4.8AI score0.00222EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.43 views

CVE-2015-0144

Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.

3.5CVSS5.2AI score0.00166EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.43 views

CVE-2017-1300

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.

8.8CVSS8.4AI score0.00171EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.40 views

CVE-2016-3048

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11471...

5.4CVSS5.2AI score0.00269EPSS
CVE
CVE
added 2016/01/01 5:59 a.m.38 views

CVE-2015-5049

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS6AI score0.00126EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.38 views

CVE-2017-1147

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 12220...

5.4CVSS5.2AI score0.00237EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.37 views

CVE-2017-1290

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 12515...

5.4CVSS5.2AI score0.00269EPSS
CVE
CVE
added 2017/10/24 9:29 p.m.36 views

CVE-2016-3049

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.

5.4CVSS5.5AI score0.00182EPSS
CVE
CVE
added 2018/09/10 2:29 p.m.35 views

CVE-2017-1679

IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.

6.2CVSS5.1AI score0.00047EPSS
CVE
CVE
added 2017/11/01 9:29 p.m.34 views

CVE-2017-1333

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.

5.3CVSS4.9AI score0.00203EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.33 views

CVE-2015-0143

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.

4CVSS5.7AI score0.00158EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.32 views

CVE-2014-8916

Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.

3.5CVSS5.2AI score0.00166EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.32 views

CVE-2015-0142

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.

4CVSS6.2AI score0.00358EPSS
CVE
CVE
added 2014/06/27 11:55 p.m.31 views

CVE-2011-1381

Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors.

6.4CVSS6.6AI score0.0016EPSS
CVE
CVE
added 2014/06/27 11:55 p.m.31 views

CVE-2014-3011

IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.

5CVSS6.9AI score0.00256EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.31 views

CVE-2015-0141

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.

4CVSS6.3AI score0.00201EPSS
CVE
CVE
added 2018/08/30 4:29 p.m.31 views

CVE-2016-0234

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.

4CVSS3.5AI score0.00034EPSS
CVE
CVE
added 2021/05/11 4:15 p.m.30 views

CVE-2020-4535

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.

5.4CVSS5.2AI score0.00187EPSS
CVE
CVE
added 2015/10/03 10:59 p.m.27 views

CVE-2015-0145

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2021/05/11 4:15 p.m.27 views

CVE-2020-4536

IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.

4.3CVSS4.2AI score0.00099EPSS
CVE
CVE
added 2025/07/09 3:15 p.m.5 views

CVE-2025-2670

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and intern...

4.3CVSS6.1AI score0.00027EPSS