IBM Openpages Grc Platform

IBM OpenPages 8.3/9.0 JS Source Map Info Disclosure
CVE-2024-27257 4.3 - Medium - September 10, 2024

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

Inclusion of Sensitive Information in Source Code

IBM OpenPages with Watson 8.3/9.0 Auth Breach via Improper API Authorization
CVE-2024-35151 6.5 - Medium - August 22, 2024

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

Missing Authentication for Critical Function

IBM OpenPages GRC Platform 8.1 could
CVE-2020-4536 4.3 - Medium - May 11, 2021

IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.

Generation of Error Message Containing Sensitive Information

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting
CVE-2020-4535 5.4 - Medium - May 11, 2021

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.

XSS

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting
CVE-2016-3048 - November 01, 2017

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting
CVE-2017-1147 - November 01, 2017

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs
CVE-2017-1148 - November 01, 2017

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting
CVE-2017-1290 - November 01, 2017

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user
CVE-2017-1300 - November 01, 2017

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server
CVE-2017-1333 - November 01, 2017

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.