IBM OpenPages GRC Platform CVE-2017-1300 Cross Site Request Forgery Vulnerability



IBM OpenPages GRC Platform is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Information

Bugtraq ID: 101939
Class: Design Error
CVE: CVE-2017-1300

Remote: Yes
Local: No
Published: Oct 27 2017 12:00AM
Updated: Nov 23 2017 12:08PM
Credit: IBM
Vulnerable: IBM OpenPages GRC Platform 7.3
IBM OpenPages GRC Platform 7.2
IBM OpenPages GRC Platform 7.1
IBM OpenPages GRC Platform 7.0


Not Vulnerable: IBM OpenPages GRC Platform 7.3.0.1
IBM OpenPages GRC Platform 7.2.0.5
IBM OpenPages GRC Platform 7.1.0.4


Exploit


An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.


Related Posts