Openpages Grc Platform

openpages_grc_platform

Vendor: Ibm • 22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27257 1Ibm 2Openpages Grc Platform Openpages With Watson Sep 16, 2024 Sep 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
CVE-2024-35151 1Ibm 2Openpages Grc Platform Openpages With Watson Aug 23, 2024 Aug 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVE-2020-4536 1Ibm 1Openpages Grc Platform Nov 21, 2024 May 11, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t...Show more IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.Show less
CVE-2020-4535 1Ibm 1Openpages Grc Platform Nov 21, 2024 May 11, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede...Show more IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.Show less
CVE-2017-1679 1Ibm 1Openpages Grc Platform Nov 21, 2024 Sep 10, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
CVE-2016-0234 1Ibm 1Openpages Grc Platform Nov 21, 2024 Aug 30, 2018 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
CVE-2017-1333 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
CVE-2017-1300 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-...Show more IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.Show less
CVE-2017-1290 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...Show more IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.Show less
CVE-2017-1148 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system....Show more IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.Show less
CVE-2017-1147 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...Show more IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.Show less
CVE-2016-3048 1Ibm 1Openpages Grc Platform May 13, 2026 Nov 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...Show more IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.Show less
CVE-2016-3049 1Ibm 1Openpages Grc Platform May 13, 2026 Oct 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security conte...Show more IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.Show less
CVE-2015-5049 1Ibm 1Openpages Grc Platform May 6, 2026 Jan 1, 2016 N/A· v4 5.4 MEDIUM· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0145 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of...Show more Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.Show less
CVE-2015-0144 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML...Show more Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.Show less
CVE-2015-0143 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2015-0142 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage)...Show more IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.Show less
CVE-2015-0141 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
CVE-2014-8916 1Ibm 1Openpages Grc Platform May 6, 2026 Oct 3, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML...Show more Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.Show less

12 Next