Security Bulletin: IBM OpenPages API permission security fixes

Summary Security fixes for a set of APIs that allowed unprivileged users to access sensitive information have been included in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2025-1112 DESCRIPTION: IBM OpenPages with Watson could allow an...

Security Bulletin: IBM OpenPages encryption fixes and enhancements

Summary Multiple encryption fixes and enhancements with IBM OpenPages have been addressed in the latest IBM OpenPages fixpacks for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-49784 DESCRIPTION: IBM OpenPages could provide weaker than expected security in storage of encrypted...

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

CVE-2025-2670

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...

CVE-2025-2670

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...

CVE-2025-1112

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...

CVE-2025-1112

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...

CVE-2025-1112

CVE-2025-1112 affects IBM OpenPages with Watson 8.3 and 9.0. An authenticated user could access sensitive information that should be restricted to privileged users due to improper ownership/ access controls. The IBM Security Bulletin documents CVSS 3.1 base score 4.3 (Network, Low attack complexi...

CVE-2025-1112 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...

CVE-2025-1112 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...

CVE-2025-2670 IBM OpenPages information disclosure

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...

CVE-2025-2670 IBM OpenPages information disclosure

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...

CVE-2025-2670

IBM OpenPages 9.0 is affected by CVE-2025-2670 due to insufficient access control on certain REST endpoints related to the workflow feature. An authenticated user can disclose sensitive workflow configuration and internal state. The issue has a CVSS v3.1 base score of 4.3 (Medium) with Network at...

Security Bulletin: IBM OpenPages fixes multiple vulnerabilities

Summary Multiple vulnerabilities with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 9.0 Vulnerability Details CVEID:CVE-2022-24891 DESCRIPTION: ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml...

PT-2025-28895 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 and 9.0 Description: An authenticated user may be able to obtain sensitive information that should only be accessible to privileged users. Recommendations: Apply appropriate access controls to restrict...

IBM OpenPages with Watson 安全漏洞

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

IBM OpenPages 安全漏洞

IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance GRC solution from International Business Machines IBM. A security vulnerability exists in IBM OpenPages version 9.0, which stems from insufficient security in certain REST endpoints, and could lead to authenticated use...

PT-2025-28896 · Ibm · Ibm Openpages

Name of the Vulnerable Software and Affected Versions: IBM OpenPages version 9.0 Description: IBM OpenPages 9.0 is susceptible to the disclosure of sensitive information. This is due to insufficient security measures implemented for specific REST API endpoints associated with the workflow...

CVE-2025-27369

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...

CVE-2025-27369

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...