CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8916
https://notcve.org/view.php?id=CVE-2014-8916
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. Vulnerabilidad de XSS en IBM OpenPages GRC Platform 6.2 en versiones anteriores a IF7, 6.2.1 en versiones anteriores a 6.2.1.1 IF5, 7.0 en versiones anteriores a FP4, y 7.1 en versiones anteriores a FP1 permite a usuarios remo... • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0141
https://notcve.org/view.php?id=CVE-2015-0141
03 Oct 2015 — IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. IBM OpenPages GRC Platform 6.2 en versiones anteriores a IF7, 6.2.1 en versiones anteriores a 6.2.1.1 IF5, 7.0 en versiones anteriores a FP4, y 7.1 en versiones anteriores a FP1 permite a usuarios remotos autenticados modificar filtros de usuario arbitrarios a través de una petición JSON. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0142
https://notcve.org/view.php?id=CVE-2015-0142
03 Oct 2015 — IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. IBM OpenPages GRC Platform 6.2 en versiones anteriores a IF7, 6.2.1 en versiones anteriores a 6.2.1.1 IF5, 7.0 en versiones anteriores a FP4, y 7.1 en versiones anteriores a FP1 permite a usuarios remotos autenticados causar una denegación... • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0144
https://notcve.org/view.php?id=CVE-2015-0144
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. Vulnerabilidad de XSS en IBM OpenPages GRC Platform 6.2 en versiones anteriores a IF7, 6.2.1 en versiones anteriores a 6.2.1.1 IF5, 7.0 en versiones anteriores a FP4, y 7.1 en versiones anteriores a FP1 permite a usuarios remo... • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1381
https://notcve.org/view.php?id=CVE-2011-1381
27 Jun 2014 — Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. Vulnerabilidad no especificada en IBM OpenPages GRC Platform 6.1.0.1 anterior a IF4 permite a atacantes remotos evadir restricciones de acceso a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21676990 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3011
https://notcve.org/view.php?id=CVE-2014-3011
27 Jun 2014 — IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. IBM OpenPages GRC Platform 6.1.0.1 anterior a IF4 permite a atacantes remotos realizar ataques de inyección de enlaces a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21676990 • CWE-94: Improper Control of Generation of Code ('Code Injection') •