Information Disclosure Vulnerability in IBM OpenPages GRC Platform
CVE-2016-0234

4MEDIUM

Key Information:

Vendor: IBM
Status: Openpages Grc Platform
Vendor: CVE Published:; 30 August 2018

Summary

An information disclosure vulnerability exists in the IBM OpenPages GRC Platform, where a local user can access sensitive information left accessible by a previous user who has logged out but not closed the browser session. This flaw highlights the importance of proper session management to ensure that user data is not inadvertently exposed.

Affected Version(s)

OpenPages GRC Platform 7.1

OpenPages GRC Platform 7.2

OpenPages GRC Platform 7.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/110303

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21997687

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2018
Vulnerability Reserved
Dec 8, 2015