Ibm: >> Openpages Grc Platform Security Vulnerabilities
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-10
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-22
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-11
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-11
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
CVSS Score
6.2
EPSS Score
0.0
Published
2018-09-10
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
CVSS Score
4.0
EPSS Score
0.0
Published
2018-08-30
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-01
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-01
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-11-01
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-01
Page 1