47 matches found
Security Bulletin: IBM OpenPages fixes Apache Tika library vulnerability via XML External Entity injection
Summary Apache Tika library vulnerability via XML External Entity injection with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 8.3, 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.1...
CVE-2025-33110
CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...
IBM OpenPages with Watson Encryption Issue Vulnerability
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...
CVE-2025-1112
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
CVE-2025-27369
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...
CVE-2024-49784
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
CVE-2023-43039
IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
IBM OpenPages with Watson 加密问题漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...
IBM OpenPages with Watson 跨站脚本漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a hacker to execute arbitrary HTML code.
The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...
The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a attacker to perform a CSRF attack.
The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a perpetrator to write or re-write any files as desired.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restrictions on the path name to the restricted catalog. Exploitation of this vulnerability could allow a malicious actor to write to or re-write any files remotely...
CVE-2024-49779
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote...
CVE-2024-49344
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...
CVE-2024-49781
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...