Vulnerabilities > IBM > Openpages GRC Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-24 | CVE-2016-3049 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform 7.1/7.2/7.3 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. | 3.5 |
| 2016-01-01 | CVE-2015-5049 | SQL Injection vulnerability in IBM Openpages GRC Platform SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2015-10-03 | CVE-2015-0145 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
| 2015-10-03 | CVE-2015-0144 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | 3.5 |
| 2015-10-03 | CVE-2015-0143 | Information Exposure vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | 4.0 |
| 2015-10-03 | CVE-2015-0142 | Permissions, Privileges, and Access Controls vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | 4.0 |
| 2015-10-03 | CVE-2015-0141 | Improper Access Control vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | 4.0 |
| 2015-10-03 | CVE-2014-8916 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | 3.5 |
| 2014-06-27 | CVE-2014-3011 | Code Injection vulnerability in IBM Openpages GRC Platform 6.1.0.1 IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. | 5.0 |
| 2014-06-27 | CVE-2011-1381 | Permissions, Privileges, and Access Controls vulnerability in IBM Openpages GRC Platform 6.1.0.1 Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | 6.4 |