Vulnerabilities > IBM > Openpages GRC Platform > 7.1.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-08-30 CVE-2016-0234 Insufficient Session Expiration vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser.
local
low complexity
ibm CWE-613
2.1
2.1
2017-11-01 CVE-2017-1333 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system.
network
low complexity
ibm CWE-200
5.0
5.0
2017-11-01 CVE-2017-1300 Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
6.8
2017-11-01 CVE-2017-1290 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-11-01 CVE-2017-1148 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
5.0
5.0
2017-11-01 CVE-2017-1147 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-11-01 CVE-2016-3048 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2016-01-01 CVE-2015-5049 SQL Injection vulnerability in IBM Openpages GRC Platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5