PT-2015-4503 · Ibm · Ibm Openpages Grc Platform
Published
2015-10-03
·
Updated
2015-10-05
·
CVE-2015-0145
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM OpenPages GRC Platform versions 6.2 before IF7
IBM OpenPages GRC Platform versions 6.2.1 before 6.2.1.1 IF5
IBM OpenPages GRC Platform versions 7.0 before FP4
IBM OpenPages GRC Platform versions 7.1 before FP1
Description
A cross-site request forgery (CSRF) issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Recommendations
For IBM OpenPages GRC Platform version 6.2 before IF7, update to a version that includes IF7 or later.
For IBM OpenPages GRC Platform version 6.2.1 before 6.2.1.1 IF5, update to a version that includes 6.2.1.1 IF5 or later.
For IBM OpenPages GRC Platform version 7.0 before FP4, update to a version that includes FP4 or later.
For IBM OpenPages GRC Platform version 7.1 before FP1, update to a version that includes FP1 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Openpages Grc Platform