Lucene search

595 matches found

OSV
added 2025/02/20 12:15 p.m. | 2 views

CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVSS 4.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1

OSV
added 2025/02/20 12:15 p.m. | 1 view

CVE-2024-49779

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote...

CVSS 8.8 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 1

OSV
added 2025/02/20 12:15 p.m. | 2 views

CVE-2024-49781

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.1 | AI score 5.8 | EPSS 0.00422
Exploits: 0 | References: 1

NVD
added 2025/02/20 12:15 p.m. | 8 views

CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVSS 4.3 | EPSS 0.00233
Exploits: 0 | References: 1

NVD
added 2025/02/20 12:15 p.m. | 10 views

CVE-2024-49779

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote...

CVSS 8.8 | EPSS 0.00193
Exploits: 0 | References: 1

NVD
added 2025/02/20 12:15 p.m. | 12 views

CVE-2024-49781

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.1 | EPSS 0.00422
Exploits: 0 | References: 1

OSV
added 2025/02/20 12:15 p.m. | 0 views

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2025/02/20 12:15 p.m. | 13 views

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4 | EPSS 0.00239
Exploits: 0 | References: 1

CVE
added 2025/02/20 12:9 p.m. | 55 views

CVE-2024-49337

CVE-2024-49337 affects IBM OpenPages with Watson 8.3 and OpenPages 9.0. The vulnerability arises from improper validation of user-supplied input in text fields used to construct workflow email notifications, enabling a remote authenticated attacker to inject HTML/script into an email, which would...

CVSS 5.4 | AI score 5.3 | EPSS 0.00239
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/02/20 12:9 p.m. | 10 views

CVE-2024-49337 IBM OpenPages HTML injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1

Cvelist
added 2025/02/20 12:9 p.m. | 13 views

CVE-2024-49337 IBM OpenPages HTML injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4 | EPSS 0.00239
Exploits: 0 | References: 1

CVE
added 2025/02/20 12:8 p.m. | 52 views

CVE-2024-49344

IBM OpenPages with Watson (versions 8.3 and 9.0) is affected by CVE-2024-49344 where a chat session remains active after user logout, enabling a session fixation issue. Affected component: OpenPages with Watson Assistant chat feature; root cause: chat session not terminated on logout. Impact: lim...

CVSS 4.3 | AI score 4.6 | EPSS 0.00233
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/02/20 12:8 p.m. | 13 views

CVE-2024-49344 IBM OpenPages session fixation

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVSS 4.3 | EPSS 0.00233
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/20 12:8 p.m. | 9 views

CVE-2024-49344 IBM OpenPages session fixation

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVSS 4.3 | AI score 5.2 | EPSS 0.00233
Exploits: 0 | References: 1

CVE
added 2025/02/20 12:6 p.m. | 53 views

CVE-2024-49779

CVE-2024-49779 affects IBM OpenPages with Watson 8.3 and 9.0. It is a cross-site request forgery vulnerability caused by improper validation/management of authentication cookies, where an attacker could modify CSRF token and Session Id cookie parameters using another user’s cookies to bypass secu...

CVSS 8.8 | AI score 5 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/02/20 12:6 p.m. | 14 views

CVE-2024-49779 IBM OpenPages cross-site request forgery

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote...

CVSS 4.3 | EPSS 0.00193
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/20 12:6 p.m. | 12 views

CVE-2024-49779 IBM OpenPages cross-site request forgery

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote...

CVSS 4.3 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 1

CVE
added 2025/02/20 12:4 p.m. | 55 views

CVE-2024-49781

IBM OpenPages with Watson versions 8.3 and 9.0 are affected by an XXE vulnerability in XML data processing (CVE-2024-49781). The issue enables potential exposure of sensitive data or memory consumption due to external entity processing. Current sources identify a high-severity impact (CVSS v3.1 b...

CVSS 7.1 | AI score 6.9 | EPSS 0.00422
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/02/20 12:4 p.m. | 12 views

CVE-2024-49781 IBM OpenPages XML external entity injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.1 | EPSS 0.00422
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/20 12:4 p.m. | 9 views

CVE-2024-49781 IBM OpenPages XML external entity injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 7.1 | AI score 6.9 | EPSS 0.00422
Exploits: 0 | References: 1