16 matches found
CVE-2023-40683
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...
EUVD-2025-4621
Malicious code in bioql PyPI...
Security Bulletin: IBM OpenPages fixes vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks
Summary Vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 version. Vulnerability Details CVEID:CVE-2025-2670 DESCRIPTION: IBM OpenPages...
Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability
Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...
CVE-2025-2670
IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and...
CVE-2025-27367
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2025-27367
CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 are affected by CVE-2024-49783, which describes weaker-than-expected encryption data storage. An authenticated remote attacker with database access or a local attacker with server-file access could extract encrypted data and potentially apply additional crypt...
CVE-2024-49783 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2024-49337
CVE-2024-49337 affects IBM OpenPages with Watson 8.3 and OpenPages 9.0. The vulnerability arises from improper validation of user-supplied input in text fields used to construct workflow email notifications, enabling a remote authenticated attacker to inject HTML/script into an email, which would...
CVE-2024-49781 IBM OpenPages XML external entity injection
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2024-49780 IBM OpenPages path traversal
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...
CVE-2024-37527 IBM OpenPages with Watson cross-site scripting
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-43176
CVE-2024-43176 affects IBM OpenPages 9.0. The issue arises from improper authorization checks on APIs, allowing an authenticated user to obtain sensitive information (configurations) that should be privileged. The IBM security bulletin confirms the affected version and provides remediation: apply...