CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages ut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29907
https://notcve.org/view.php?id=CVE-2021-29907
31 Aug 2021 — IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. IBM OpenPages con Watson versiones 8.1 y 8.2, podría permitir a un usuario autenticado cargar un archivo que podría ejecutar código arbitrario en el sistema. IBM X-Force ID: 207633 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207633 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4536
https://notcve.org/view.php?id=CVE-2020-4536
11 May 2021 — IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907. IBM OpenPages GRC Platform versión 8.1, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usado en nuevos ataques contra el sistem... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182907 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4535
https://notcve.org/view.php?id=CVE-2020-4535
11 May 2021 — IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906. IBM OpenPages GRC Platform versión 8.1 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1679
https://notcve.org/view.php?id=CVE-2017-1679
10 Sep 2018 — IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001. IBM OpenPages GRC Platform 7.2, 7.3, 7.4 y 8.0 podría permitir que un atacante obtenga información sensible de archivos de registro de errores. IBM X-Force ID: 134001 • https://exchange.xforce.ibmcloud.com/vulnerabilities/134001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0234
https://notcve.org/view.php?id=CVE-2016-0234
30 Aug 2018 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. IBM OpenPages GRC Platform 7.1, 7.2 y 7.3 podría permtir que un usuario local obtenga información sensible cuando un usuario anterior ha cerrado su sesión en el sistema, pero no ha cerrado su navegador. IBM X-Force ID: 110303. • http://www-01.ibm.com/support/docview.wss?uid=swg21997687 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3048
https://notcve.org/view.php?id=CVE-2016-3048
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. La plataforma OpenPages GRC de IBM 7.1, 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que al... • http://www.ibm.com/support/docview.wss?uid=swg21997685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1148
https://notcve.org/view.php?id=CVE-2017-1148
01 Nov 2017 — IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. La plataforma OpenPages GRC de IBM 7.2 y 7.3 con la aplicación OpenPages Loss Event Entry (LEE) podría permitir que un usuario obtenga información sensible, incluidas API privadas, que podrían utilizarse en otros ataques contra el sistema. IBM X-Force ID: 122201. • http://www.ibm.com/support/docview.wss?uid=swg22009717 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1147
https://notcve.org/view.php?id=CVE-2017-1147
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200. La plataforma OpenPages GRC de IBM 7.1, 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que al... • http://www.ibm.com/support/docview.wss?uid=swg21997685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1333
https://notcve.org/view.php?id=CVE-2017-1333
01 Nov 2017 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. La plataforma OpenPages GRC de IBM, en sus versiones 7.1, 7.2 y 7.3 podría permitir que un usuario no autenticado obtenga información sensible sobre el servidor que podría utilizarse en futuros ataques contra el sistema. IBM X-Force ID: 126241. • http://www.ibm.com/support/docview.wss?uid=swg21997796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •