Information Disclosure in IBM OpenPages GRC Platform
CVE-2017-1679

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Openpages Grc Platform
Vendor: CVE Published:; 10 September 2018

Summary

In IBM OpenPages GRC Platform versions 7.2, 7.3, 7.4, and 8.0, a vulnerability allows unauthorized access to sensitive information contained in error log files. This issue could potentially be exploited by attackers to gather confidential data, which raises serious security concerns for organizations utilizing the platform. It is crucial for users to apply appropriate security measures to safeguard against potential data breaches.

Affected Version(s)

OpenPages GRC Platform 7.2

OpenPages GRC Platform 7.3

OpenPages GRC Platform 7.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10728737

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/134001

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2018
Vulnerability Reserved
Nov 30, 2016