Search Results | AttackerKB

Show filters

Topics 22 Users 9,710

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

22 Total Results

Displaying 11-20 of 22

Attacker Value

Unknown

CVE-2017-1290

Disclosure Date: November 01, 2017 (last updated November 26, 2024)

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.

0

Attacker Value

Unknown

CVE-2017-1147

Disclosure Date: November 01, 2017 (last updated November 26, 2024)

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.

0

Attacker Value

Unknown

CVE-2016-3049

Disclosure Date: October 24, 2017 (last updated November 26, 2024)

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.

0

Attacker Value

Unknown

CVE-2015-5049

Disclosure Date: January 01, 2016 (last updated November 25, 2024)

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

0

Attacker Value

Unknown

CVE-2015-0145

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

0

Attacker Value

Unknown

CVE-2015-0143

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.

0

Attacker Value

Unknown

CVE-2015-0141

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.

0

Attacker Value

Unknown

CVE-2014-8916

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.

0

Attacker Value

Unknown

CVE-2015-0142

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.

0

Attacker Value

Unknown

CVE-2015-0144

Disclosure Date: October 03, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.

0