
CVE-2015-5049
https://notcve.org/view.php?id=CVE-2015-5049
01 Jan 2016 — SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21970590 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-0143
https://notcve.org/view.php?id=CVE-2015-0143
03 Oct 2015 — IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-0145
https://notcve.org/view.php?id=CVE-2015-0145
03 Oct 2015 — Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-8916
https://notcve.org/view.php?id=CVE-2014-8916
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0141
https://notcve.org/view.php?id=CVE-2015-0141
03 Oct 2015 — IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-284: Improper Access Control

CVE-2015-0142
https://notcve.org/view.php?id=CVE-2015-0142
03 Oct 2015 — IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-0144
https://notcve.org/view.php?id=CVE-2015-0144
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. • http://www-01.ibm.com/support/docview.wss?uid=swg21963358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')