CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

CVE-2024-49355

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

CVE-2024-49355

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...

CVE-2024-43196

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...

CVE-2024-43196

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...

CVE-2024-49780

CVE-2024-49780 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability arises from path traversal in the Import Configuration file-name parameter, allowing a privileged attacker to write files outside the intended directory and potentially overwrite arbitrary files. IBM’s Security Bullet...

CVE-2024-49780 IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

CVE-2024-49780 IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...

CVE-2024-49782 IBM OpenPages improper certificate validation

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

CVE-2024-49782 IBM OpenPages improper certificate validation

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

CVE-2024-43196

Summary (CVE-2024-43196) : IBM OpenPages with Watson 8.3 and 9.0 contains a vulnerability where an authenticated user can manipulate data in the Questionnaires application, enabling spoofing of other users’ responses. The CVSS base score is 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:...

CVE-2024-43196 IBM OpenPages data manipulation

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...

CVE-2024-43196 IBM OpenPages data manipulation

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...

CVE-2024-49355

CVE-2024-49355 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability stems from the System Tracing feature writing improperly neutralized data to server log files when tracing is enabled, exposing potential sensitive information in logs. IBM's bulletin confirms the issue (CWE-117) with...

CVE-2024-49355 IBM OpenPages log manipulation

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...

CVE-2024-49355 IBM OpenPages log manipulation

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...