
329 matches found

IBM Security Bulletins
added 2026/05/27 4:52 p.m. | 14 views

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

5.8 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/26 6:46 a.m. | 8 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.8 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 2:43 p.m. | 3 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

5.7 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/18 2:42 p.m. | 11 views

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

8.3 CVSS | 6.2 AI score | 0.015 EPSS
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:30 a.m. | 4 views

CVE-2023-43039

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1 CVSS | 6.6 AI score | 0.00183 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:55 a.m. | 10 views

CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

8.8 CVSS | 6.9 AI score | 0.00701 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:17 a.m. | 4 views

CVE-2025-1112

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...

4.3 CVSS | 6.2 AI score | 0.00194 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/11/18 5:59 p.m. | 14 views

Security Bulletin: IBM OpenPages fixes Apache Tika library vulnerability via XML External Entity injection

Summary Apache Tika library vulnerability via XML External Entity injection with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 8.3, 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.1...

9.8 CVSS | 6.9 AI score | 0.02962 EPSS
Exploits: 4 | Affected Software: 1

OSV
added 2025/11/12 9:15 p.m. | 2 views

CVE-2025-36223

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.1 CVSS | 5.7 AI score | 0.00143 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/12 9:4 p.m. | 13 views

CVE-2025-36223

IBM OpenPages versions 9.0 and 9.1 are affected by a Host header injection vulnerability (CVE-2025-36223) caused by improper validation of HOST header input. The issue could enable attacks such as cross-site scripting, cache poisoning, or session hijacking. Public details across multiple sources ...

6.1 CVSS | 6.2 AI score | 0.00143 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/11/12 7:11 p.m. | 9 views

CVE-2025-27368

CVE-2025-27368 affects IBM OpenPages 9.0 and 9.1, where insufficient access control on certain OpenPages REST endpoints allows an authenticated user to view system metadata beyond their authorization. The issue stems from weaker than expected REST endpoint security, enabling information disclosur...

4.3 CVSS | 5.5 AI score | 0.00187 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/11/12 7:11 p.m. | 5 views

CVE-2025-27368 IBM OpenPages Information Disclosure

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond...

4.3 CVSS | 5.5 AI score | 0.00187 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/11/11 1:43 p.m. | 3 views

Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)

Summary A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading to exposure to untrusted...

6.1 CVSS | 6.2 AI score | 0.00143 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/11/11 1:40 p.m. | 3 views

Security Bulletin: IBM OpenPages Vulnerable to Information Disclosure (CVE-2025-27368)

Summary Application API vulnerability that exposes metadata for configurable fields due to insufficient access control checks in IBM OpenPages has been addressed. Vulnerability Details CVEID:CVE-2025-27368 DESCRIPTION: IBM OpenPages is vulnerable to information disclosure of sensitive information...

4.3 CVSS | 6 AI score | 0.00187 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/07 8:56 p.m. | 13 views

CVE-2025-33110

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS | 6.6 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/06 8:43 p.m. | 10 views

CVE-2025-33110

CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...

5.4 CVSS | 6.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/10/28 3:4 p.m. | 4 views

CVE-2025-36121

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS | 6.5 AI score | 0.00144 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/27 2:56 p.m. | 4 views

CVE-2025-36121 HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS | 6.1 AI score | 0.00144 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/27 2:56 p.m. | 8 views

CVE-2025-36121

IBM OpenPages 9.0 and 9.1 are affected by an HTML injection (XSS) vulnerability in a specific URL endpoint. A remotely authenticated attacker could inject malicious HTML that executes in the victim’s browser within the hosting site's security context. CVSS v3.1 base score is 5.4 (medium) with net...

5.4 CVSS | 6.1 AI score | 0.00144 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/10/21 6:31 p.m. | 9 views

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

7.5 CVSS | 8.2 AI score | 0.01094 EPSS
Exploits: 0 | Affected Software: 1