Skip to main content

Openpages Grc Platform CVE-2017-1333

MEDIUM
Information Exposure (CWE-200)
2017-11-01 psirt@us.ibm.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 01, 2017 - 21:29 cve.org
MEDIUM 5.3

DescriptionCVE.org

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.

AnalysisAI

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. Affected products include: Ibm Openpages Grc Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2017-1300 HIGH
8.8 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2015-0145 MEDIUM
6.8 Oct 03

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5,

CVE-2024-35151 MEDIUM
6.5 Aug 22

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper a

CVE-2017-1290 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2017-1147 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2016-3048 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2016-3049 MEDIUM
5.4 Oct 24

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vul

CVE-2015-5049 MEDIUM
5.4 Jan 01

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 a

CVE-2017-1148 MEDIUM
5.3 Nov 01

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain se

CVE-2014-3011 MEDIUM
5.0 Jun 27

IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified

CVE-2024-27257 MEDIUM
4.3 Sep 10

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source

CVE-2015-0142 MEDIUM
4.0 Oct 03

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote au

Share

CVE-2017-1333 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy