Skip to main content

Openpages Grc Platform CVE-2014-3011

MEDIUM
Code Injection (CWE-94)
2014-06-27 psirt@us.ibm.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 27, 2014 - 23:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.

AnalysisAI

IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. Affected products include: Ibm Openpages Grc Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2017-1300 HIGH
8.8 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2015-0145 MEDIUM
6.8 Oct 03

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5,

CVE-2024-35151 MEDIUM
6.5 Aug 22

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper a

CVE-2017-1290 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2017-1147 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2016-3048 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2016-3049 MEDIUM
5.4 Oct 24

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vul

CVE-2015-5049 MEDIUM
5.4 Jan 01

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 a

CVE-2017-1148 MEDIUM
5.3 Nov 01

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain se

CVE-2017-1333 MEDIUM
5.3 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about t

CVE-2024-27257 MEDIUM
4.3 Sep 10

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source

CVE-2015-0142 MEDIUM
4.0 Oct 03

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote au

Share

CVE-2014-3011 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy