CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0234
https://notcve.org/view.php?id=CVE-2016-0234
30 Aug 2018 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. IBM OpenPages GRC Platform 7.1, 7.2 y 7.3 podría permtir que un usuario local obtenga información sensible cuando un usuario anterior ha cerrado su sesión en el sistema, pero no ha cerrado su navegador. IBM X-Force ID: 110303. • http://www-01.ibm.com/support/docview.wss?uid=swg21997687 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3048
https://notcve.org/view.php?id=CVE-2016-3048
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. La plataforma OpenPages GRC de IBM 7.1, 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que al... • http://www.ibm.com/support/docview.wss?uid=swg21997685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1148
https://notcve.org/view.php?id=CVE-2017-1148
01 Nov 2017 — IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. La plataforma OpenPages GRC de IBM 7.2 y 7.3 con la aplicación OpenPages Loss Event Entry (LEE) podría permitir que un usuario obtenga información sensible, incluidas API privadas, que podrían utilizarse en otros ataques contra el sistema. IBM X-Force ID: 122201. • http://www.ibm.com/support/docview.wss?uid=swg22009717 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1147
https://notcve.org/view.php?id=CVE-2017-1147
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200. La plataforma OpenPages GRC de IBM 7.1, 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que al... • http://www.ibm.com/support/docview.wss?uid=swg21997685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1333
https://notcve.org/view.php?id=CVE-2017-1333
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. La plataforma OpenPages GRC de IBM, en sus versiones 7.1, 7.2 y 7.3 podría permitir que un usuario no autenticado obtenga información sensible sobre el servidor que podría utilizarse en futuros ataques contra el sistema. IBM X-Force ID: 126241. • http://www.ibm.com/support/docview.wss?uid=swg21997796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1300
https://notcve.org/view.php?id=CVE-2017-1300
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162. La plataforma OpenPages GRC de IBM, en sus versiones 7.1, 7.2 y 7.3 es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IB... • http://www.ibm.com/support/docview.wss?uid=swg22009684 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1290
https://notcve.org/view.php?id=CVE-2017-1290
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151. La plataforma OpenPages GRC de IBM 7.1, 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que al... • http://www.ibm.com/support/docview.wss?uid=swg22009770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3049
https://notcve.org/view.php?id=CVE-2016-3049
24 Oct 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712. IBM OpenPages GRC Platform 7.1, 7.2 y 7.3 es vulnerable a inyección HTML. Un atacante remoto podría inyectar código HTML malicioso que, una vez que se visualice, se ejecutaría en el navegador web de la víctima en el contexto de seguridad del si... • http://www.ibm.com/support/docview.wss?uid=swg21997686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5049
https://notcve.org/view.php?id=CVE-2015-5049
01 Jan 2016 — SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la API en IBM OpenPages GRC Platform 7.0 en versiones anteriores a 7.0.0.4 IF3 y 7.1 en versiones anteriores a 7.1.0.1 IF6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21970590 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •