Lucene search

IbmCVE-2015-0145

HistoryOct 03, 2015 - 10:59 p.m.

CVE-2015-0145

2015-10-0322:59:06

CWE-352

ibm

web.nvd.nist.gov

ibm

openpages

grc

platform

csrf

vulnerability

nvd

cve-2015-0145

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

Nvd

Node

ibmopenpages_grc_platformMatch6.2.0.0

ibmopenpages_grc_platformMatch6.2.1.0

ibmopenpages_grc_platformMatch6.2.1.1

ibmopenpages_grc_platformMatch7.0.0.0

ibmopenpages_grc_platformMatch7.1.0.0

VendorProductVersionCPE
ibmopenpages_grc_platform6.2.0.0cpe:2.3:a:ibm:openpages_grc_platform:6.2.0.0:*:*:*:*:*:*:*
ibmopenpages_grc_platform6.2.1.0cpe:2.3:a:ibm:openpages_grc_platform:6.2.1.0:*:*:*:*:*:*:*
ibmopenpages_grc_platform6.2.1.1cpe:2.3:a:ibm:openpages_grc_platform:6.2.1.1:*:*:*:*:*:*:*
ibmopenpages_grc_platform7.0.0.0cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.0:*:*:*:*:*:*:*
ibmopenpages_grc_platform7.1.0.0cpe:2.3:a:ibm:openpages_grc_platform:7.1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	openpages_grc_platform	6.2.0.0	cpe:2.3:a:ibm:openpages_grc_platform:6.2.0.0:::::::*
ibm	openpages_grc_platform	6.2.1.0	cpe:2.3:a:ibm:openpages_grc_platform:6.2.1.0:::::::*
ibm	openpages_grc_platform	6.2.1.1	cpe:2.3:a:ibm:openpages_grc_platform:6.2.1.1:::::::*
ibm	openpages_grc_platform	7.0.0.0	cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.0:::::::*
ibm	openpages_grc_platform	7.1.0.0	cpe:2.3:a:ibm:openpages_grc_platform:7.1.0.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21963358

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Related for CVE-2015-0145