History: Sep 05, 2024 - 7:25 p.m.

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-35151)

2024-09-05 19:25:42
www.ibm.com

CVSS3

Metric | Value
---|---
Base Score | 6.5
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | LOW
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | NONE
Availability Impact | NONE
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score | 6
Confidence | High
EPSS | 0.001
Percentile | 19.7%

Summary

A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs.

Vulnerability Details

**CVEID:** CVE-2024-35151
**DESCRIPTION:** IBM OpenPages with Watson could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/292638 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM OpenPages | 9.0
IBM OpenPages with Watson | 8.3

Remediation/Fixes

A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:

Product | Remediation
---|---
For IBM OpenPages with Watson 8.3: apply 8.3 FixPack 3 (8.3.0.3) | Download URL for 8.3.0.3: <https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3>
For IBM OpenPages 9.0: apply 9.0 FixPack 3 **(9.0.0.3)** or later | Download URL for 9.0.0.3: <https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-3>

For IBM OpenPages v8.0/8.1/8.2 customers, IBM recommends upgrading to a fixed and supported version (8.3 or 9.0) of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm openpages_with_watson Match 8.3 OR ibm openpages_with_watson Match 9.0

Vendor | Product | Version | CPE
---|---|---|---
ibm | openpages_with_watson | 8.3 | cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*
ibm | openpages_with_watson | 9.0 | cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*
