PT-2025-46719
Name of the Vulnerable Software and Affected Versions: IBM OpenPages versions 9.0 through 9.1. Description: IBM OpenPages versions 9.0 and 9.1 are susceptible to HTTP header injection due to insufficient validation of the HOST headers. This could enable an attacker to perform various attacks against...
IBM OpenPages Security Vulnerability
IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A security vulnerability exists in IBM OpenPages versions 9.0 and 9.1, which stems from improper validation of the HOST header input and could lead to cross-site...
Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)
Summary A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading to exposure to untrusted...
Security Bulletin: IBM OpenPages Vulnerable to Information Disclosure (CVE-2025-27368)
Summary Application API vulnerability that exposes metadata for configurable fields due to insufficient access control checks in IBM OpenPages has been addressed. Vulnerability Details CVEID:CVE-2025-27368 DESCRIPTION: IBM OpenPages is vulnerable to information disclosure of sensitive information...
CVE-2025-33110
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Security Bulletin: HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application
Summary A specific URL endpoint in IBM OpenPages was found to be vulnerable to unsanitized HTML injection. The application reflects user-supplied input directly into the HTML response without proper encoding or validation, which allows an attacker to inject arbitrary HTML content or tags...
CVE-2025-33110 IBM OpenPages Vulnerable to HTML Injection
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-33110
CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...
Security Bulletin: IBM OpenPages Vulnerable to HTML Injection (CVE-2025-33110)
Summary Application API's vulnerable to HTML injection in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 and 9.1 versions. Vulnerability Details CVEID:CVE-2025-33110 DESCRIPTION: IBM OpenPages with Watson is vulnerable to HTML injection. A remote attacker could inje...
Security Bulletin: IBM OpenPages fixes multer package vulnerability (CVE-2025-7338)
Summary Vulnerability in the multer-2.0.1.tgz package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is...
IBM OpenPages Security Vulnerability
IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A security vulnerability exists in IBM OpenPages versions 9.1 and 9.0 that stems from susceptibility to an HTML injection attack that could lead to malicious code...
PT-2025-45374
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2024-38828,CVE-2024-38820)
Summary Spring MVC controller vulnerable to a DoS attack and DataBinder Case Sensitive Match Exception. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2025-41249,CVE-2025-41242)
Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on...
IBM OpenPages Cross-Site Scripting Vulnerability
IBM OpenPages is an AI-powered, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM OpenPages version 9.1 and 9.0, which stems from the application's lack of effective filtering and escaping of...
CVE-2025-36121
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...