cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-43176,https://securityvulnerability.io/vulnerability/CVE-2024-43176,Information Disclosure in IBM OpenPages by Authenticated Users,"IBM OpenPages version 9.0 features a vulnerability where authenticated users may access sensitive information, including configurations intended exclusively for privileged users. This oversight could lead to unintentional exposure of critical system information, potentially compromising the integrity of data and the security posture of the environment.",IBM,Openpages,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-09T14:03:37.176Z,0
CVE-2024-35117,https://securityvulnerability.io/vulnerability/CVE-2024-35117,Sensitive Information at Risk of Being Written to Clear Text Log Files,"IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.",IBM,Openpages With Watson,4.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-12-11T02:15:00.000Z,0
CVE-2024-27257,https://securityvulnerability.io/vulnerability/CVE-2024-27257,IBM OpenPages Vulnerability: Unauthorized Access to Client-Side Source Code via JavaScript Source Maps,IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.,IBM,Openpages,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T14:24:20.430Z,0
CVE-2024-35151,https://securityvulnerability.io/vulnerability/CVE-2024-35151,"{""name"":""Improper Authorization in OpenPages with Watson APIs""}",IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.,IBM,Openpages With Watson,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-08-22T10:12:55.160Z,0
CVE-2023-40683,https://securityvulnerability.io/vulnerability/CVE-2023-40683,IBM OpenPages with Watson privilege escalation,"IBM OpenPages with Watson versions 8.3 and 9.0 are susceptible to an authorization bypass vulnerability stemming from inadequate authorization checks. This security flaw allows a remote attacker, once authenticated as an OpenPages user, to exploit non-public APIs. Consequently, the attacker can bypass stipulated security restrictions, leading to the potential for unauthorized administrative access to the application. Organizations utilizing these versions should prioritize implementing security measures to safeguard their systems against such threats.",IBM,Openpages With Watson,8.8,HIGH,0.00107999995816499,false,false,false,false,,false,false,2024-01-19T00:54:43.947Z,0
CVE-2023-38738,https://securityvulnerability.io/vulnerability/CVE-2023-38738,IBM OpenPages with Watson information disclosure,"A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that could compromise security when using Native authentication. An attacker with access to the OpenPages database could exploit this weakness through a series of crafted actions. This could lead to unauthorized access to other accounts within the OpenPages environment, highlighting a potential risk for organizations relying on this authentication method.",IBM,OpenPages with Watson,8.1,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2024-01-19T00:41:22.409Z,0
CVE-2021-29907,https://securityvulnerability.io/vulnerability/CVE-2021-29907,,IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.,IBM,Openpages With Watson,8.8,HIGH,0.00139999995008111,false,false,false,false,,false,false,2021-08-31T16:15:00.000Z,0
CVE-2020-4536,https://securityvulnerability.io/vulnerability/CVE-2020-4536,,IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.,IBM,Openpages Grc Platform,4.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2021-05-11T16:15:00.000Z,0
CVE-2020-4535,https://securityvulnerability.io/vulnerability/CVE-2020-4535,,IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.,IBM,Openpages Grc Platform,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-05-11T16:15:00.000Z,0
CVE-2017-1679,https://securityvulnerability.io/vulnerability/CVE-2017-1679,,"IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.",IBM,Openpages Grc Platform,6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2018-09-10T14:29:00.000Z,0
CVE-2016-0234,https://securityvulnerability.io/vulnerability/CVE-2016-0234,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.",IBM,Openpages Grc Platform,4,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2018-08-30T16:29:00.000Z,0
CVE-2017-1290,https://securityvulnerability.io/vulnerability/CVE-2017-1290,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2017-11-01T21:29:00.000Z,0
CVE-2017-1148,https://securityvulnerability.io/vulnerability/CVE-2017-1148,,IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.,IBM,Openpages Grc Platform,5.3,MEDIUM,0.0011599999852478504,false,false,false,false,,false,false,2017-11-01T21:29:00.000Z,0
CVE-2017-1147,https://securityvulnerability.io/vulnerability/CVE-2017-1147,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2017-11-01T21:29:00.000Z,0
CVE-2016-3048,https://securityvulnerability.io/vulnerability/CVE-2016-3048,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2017-11-01T21:29:00.000Z,0
CVE-2017-1300,https://securityvulnerability.io/vulnerability/CVE-2017-1300,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.",IBM,Openpages Grc Platform,8.8,HIGH,0.0015800000401213765,false,false,false,false,,false,false,2017-11-01T21:29:00.000Z,0
CVE-2017-1333,https://securityvulnerability.io/vulnerability/CVE-2017-1333,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.",IBM,Openpages Grc Platform,5.3,MEDIUM,0.0011599999852478504,false,false,false,false,,false,false,2017-10-27T00:00:00.000Z,0
CVE-2016-3049,https://securityvulnerability.io/vulnerability/CVE-2016-3049,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2017-10-24T21:00:00.000Z,0
CVE-2015-5049,https://securityvulnerability.io/vulnerability/CVE-2015-5049,,SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2016-01-01T02:00:00.000Z,0
CVE-2015-0145,https://securityvulnerability.io/vulnerability/CVE-2015-0145,,"Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.",IBM,Openpages Grc Platform,,,0.002360000042244792,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0
CVE-2014-8916,https://securityvulnerability.io/vulnerability/CVE-2014-8916,,"Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.",IBM,Openpages Grc Platform,,,0.0006300000241026282,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0
CVE-2015-0143,https://securityvulnerability.io/vulnerability/CVE-2015-0143,,"IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.",IBM,Openpages Grc Platform,,,0.0007900000200606883,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0
CVE-2015-0142,https://securityvulnerability.io/vulnerability/CVE-2015-0142,,"IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.",IBM,Openpages Grc Platform,,,0.0010600000387057662,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0
CVE-2015-0141,https://securityvulnerability.io/vulnerability/CVE-2015-0141,,"IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.",IBM,Openpages Grc Platform,,,0.0007900000200606883,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0
CVE-2015-0144,https://securityvulnerability.io/vulnerability/CVE-2015-0144,,"Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.",IBM,Openpages Grc Platform,,,0.0006300000241026282,false,false,false,false,,false,false,2015-10-03T22:00:00.000Z,0