Summaryinfo

A vulnerability was found in IBM OpenPages GRC Platform 8.1. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in information exposure. This vulnerability is cataloged as CVE-2020-4536. It is possible to initiate the attack remotely. There is no exploit available.

Detailsinfo

A vulnerability classified as problematic has been found in IBM OpenPages GRC Platform 8.1. This affects an unknown code block. The manipulation with an unknown input leads to a information exposure vulnerability. CWE is classifying the issue as CWE-209. The product generates an error message that includes sensitive information about its environment, users, or associated data. This is going to have an impact on confidentiality.

The weakness was shared 05/12/2021. It is possible to read the advisory at ibm.com. This vulnerability is uniquely identified as CVE-2020-4536. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/15/2021). It is expected to see the exploit prices for this product increasing in the near future.The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (182907). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• IBM

Name

• OpenPages GRC Platform

Version

• 8.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion