Vulnerabilities > IBM > Openpages GRC Platform > 7.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2016-01-01 CVE-2015-5049 SQL Injection vulnerability in IBM Openpages GRC Platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2015-10-03 CVE-2015-0145 Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
6.8
2015-10-03 CVE-2015-0144 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.
network
ibm CWE-79
3.5
3.5
2015-10-03 CVE-2015-0143 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
network
low complexity
ibm CWE-200
4.0
4.0
2015-10-03 CVE-2015-0142 Permissions, Privileges, and Access Controls vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.
network
low complexity
ibm CWE-264
4.0
4.0
2015-10-03 CVE-2015-0141 Improper Access Control vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
network
low complexity
ibm CWE-284
4.0
4.0
2015-10-03 CVE-2014-8916 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.
network
ibm CWE-79
3.5
3.5