Lucene search
+L

16 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:55 a.m.12 views

CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

8.8CVSS6.9AI score0.00701EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4621

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00525EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:31 p.m.6 views

Security Bulletin: IBM OpenPages fixes vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks

Summary Vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 version. Vulnerability Details CVEID:CVE-2025-2670 DESCRIPTION: IBM OpenPages...

4.3CVSS5.9AI score0.00216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 5:53 p.m.9 views

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/07/09 3:15 p.m.19 views

CVE-2025-2670

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...

4.3CVSS0.00216EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 7:15 p.m.7 views

CVE-2025-27367

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

6.5CVSS0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 7:15 p.m.8 views

CVE-2024-49783

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...

6.5CVSS0.00265EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 6:42 p.m.26 views

CVE-2025-27367

CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....

6.5CVSS6.2AI score0.00221EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/07/08 6:36 p.m.26 views

CVE-2024-49783

IBM OpenPages with Watson 8.3 and 9.0 are affected by CVE-2024-49783, which describes weaker-than-expected encryption data storage. An authenticated remote attacker with database access or a local attacker with server-file access could extract encrypted data and potentially apply additional crypt...

6.5CVSS6.2AI score0.00265EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/08 6:36 p.m.7 views

CVE-2024-49783 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...

5.3CVSS6.2AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2025/02/20 12:9 p.m.67 views

CVE-2024-49337

CVE-2024-49337 affects IBM OpenPages with Watson 8.3 and OpenPages 9.0. The vulnerability arises from improper validation of user-supplied input in text fields used to construct workflow email notifications, enabling a remote authenticated attacker to inject HTML/script into an email, which would...

5.4CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/02/20 12:4 p.m.24 views

CVE-2024-49781 IBM OpenPages XML external entity injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS0.00422EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/20 3:49 a.m.11 views

CVE-2024-49780 IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

5.3CVSS6AI score0.00525EPSS
Exploits0References1
CVE
CVE
added 2025/02/20 3:46 a.m.54 views

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...

8.2CVSS6.6AI score0.00344EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/27 3:49 p.m.18 views

CVE-2024-37527 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.00218EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 2:3 p.m.68 views

CVE-2024-43176

CVE-2024-43176 affects IBM OpenPages 9.0. The issue arises from improper authorization checks on APIs, allowing an authenticated user to obtain sensitive information (configurations) that should be privileged. The IBM security bulletin confirms the affected version and provides remediation: apply...

5.4CVSS6AI score0.00277EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder