CSRF Vulnerability in IBM OpenPages GRC Platform
CVE-2015-0145

Currently unrated

Key Information:

Vendor: IBM
Status: Openpages Grc Platform
Vendor: CVE Published:; 3 October 2015

Summary

A Cross-site request forgery (CSRF) vulnerability exists in IBM OpenPages GRC Platform that allows remote authenticated users to potentially hijack the authentication of other users. This issue affects versions prior to IF7 for 6.2, before 6.2.1.1 IF5 for 6.2.1, earlier than FP4 for version 7.0, and pre-FP1 for version 7.1. The vulnerability can lead to unauthorized actions by exploiting the trust between the authenticated users and the platform, allowing for the insertion of malicious XSS sequences.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21963358

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 3, 2015
Vulnerability Reserved
Nov 18, 2014