Lucene search
+L
IbmOpenpages With Watson

22 matches found

cve
cve
added 2024/08/22 10:12 a.m.89 views

CVE-2024-35151

CVE-2024-35151 concerns IBM OpenPages with Watson 8.3 and 9.0, where authenticated users could access sensitive information due to improper authorization controls on APIs. The Red Hat/CNVD/NVD records align on the affected products/versions (IBM OpenPages with Watson 8.3; IBM OpenPages 9.0) and t...

6.5CVSS6.2AI score0.00439EPSS
cve
cve
added 2024/01/19 12:54 a.m.86 views

CVE-2023-40683

IBM OpenPages with Watson versions 8.3 and 9.0 are affected by CVE-2023-40683. The issue arises from insufficient authorization checks in API requests, enabling an attacker authenticated as an OpenPages user to bypass security and gain unauthorized administrative access. The documented remediatio...

8.8CVSS8.4AI score0.00701EPSS
cve
cve
added 2024/09/10 2:24 p.m.80 views

CVE-2024-27257

IBM OpenPages is affected (versions 8.3 and 9.0). The issue is exposure of information about client-side source code via JavaScript source maps, enabling disclosure to unauthorized users. Root cause details indicate that source maps are not required for functionality and should be disabled or fix...

4.3CVSS4.5AI score0.00304EPSS
cve
cve
added 2025/01/09 2:3 p.m.68 views

CVE-2024-43176

CVE-2024-43176 affects IBM OpenPages 9.0. The issue arises from improper authorization checks on APIs, allowing an authenticated user to obtain sensitive information (configurations) that should be privileged. The IBM security bulletin confirms the affected version and provides remediation: apply...

5.4CVSS6AI score0.00277EPSS
cve
cve
added 2024/12/11 1:32 a.m.66 views

CVE-2024-35117

IBM OpenPages with Watson 9.0 is affected by CVE-2024-35117: under certain configurations, sensitive information can be written in clear text to system tracing log files, potentially accessible by privileged users. The IBM Security Bulletin and Red Hat/CVEs corroborate an information-disclosure r...

4.4CVSS6.5AI score0.00207EPSS
cve
cve
added 2025/02/20 12:9 p.m.65 views

CVE-2024-49337

CVE-2024-49337 affects IBM OpenPages with Watson 8.3 and OpenPages 9.0. The vulnerability arises from improper validation of user-supplied input in text fields used to construct workflow email notifications, enabling a remote authenticated attacker to inject HTML/script into an email, which would...

5.4CVSS5.3AI score0.00245EPSS
cve
cve
added 2024/01/19 12:41 a.m.61 views

CVE-2023-38738

CVE-2023-38738 affects IBM OpenPages with Watson versions 8.3 and 9.0, where Native authentication may yield weaker password security. Attacker with OpenPages DB access could potentially access other OpenPages accounts due to this weakness. IBM remediation is to switch password storage from symme...

8.1CVSS7.9AI score0.00528EPSS
cve
cve
added 2025/02/20 12:4 p.m.59 views

CVE-2024-49781

IBM OpenPages with Watson versions 8.3 and 9.0 are affected by an XXE vulnerability in XML data processing (CVE-2024-49781). The issue enables potential exposure of sensitive data or memory consumption due to external entity processing. Current sources identify a high-severity impact (CVSS v3.1 b...

7.1CVSS6.9AI score0.00422EPSS
cve
cve
added 2025/01/27 3:49 p.m.58 views

CVE-2024-37527

IBM OpenPages with Watson 8.3 and 9.0 are affected by a cross-site scripting vulnerability in the Web UI. An authenticated user can embed arbitrary JavaScript, potentially altering functionality and disclosing credentials in a trusted session. Affected products/versions: IBM OpenPages with Watson...

5.4CVSS6.2AI score0.00218EPSS
cve
cve
added 2025/02/20 3:40 a.m.58 views

CVE-2024-49355

CVE-2024-49355 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability stems from the System Tracing feature writing improperly neutralized data to server log files when tracing is enabled, exposing potential sensitive information in logs. IBM's bulletin confirms the issue (CWE-117) with...

6.5CVSS5.3AI score0.0026EPSS
cve
cve
added 2025/02/20 12:6 p.m.56 views

CVE-2024-49779

CVE-2024-49779 affects IBM OpenPages with Watson 8.3 and 9.0. It is a cross-site request forgery vulnerability caused by improper validation/management of authentication cookies, where an attacker could modify CSRF token and Session Id cookie parameters using another user’s cookies to bypass secu...

8.8CVSS5AI score0.00193EPSS
cve
cve
added 2021/08/31 4:5 p.m.55 views

CVE-2021-29907

IBM OpenPages with Watson versions 8.1–8.2 are affected by CVE-2021-29907, where an authenticated user can upload a file that leads to arbitrary code execution. Root cause is tied to the upload functionality permitting code execution. Remediation provided by IBM fixes: 8.2 Fix Pack 2 (8.2.0.2) or...

8.8CVSS8.6AI score0.01475EPSS
cve
cve
added 2025/02/20 12:8 p.m.55 views

CVE-2024-49344

IBM OpenPages with Watson (versions 8.3 and 9.0) is affected by CVE-2024-49344 where a chat session remains active after user logout, enabling a session fixation issue. Affected component: OpenPages with Watson Assistant chat feature; root cause: chat session not terminated on logout. Impact: lim...

4.3CVSS4.6AI score0.00233EPSS
cve
cve
added 2025/02/20 3:46 a.m.53 views

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...

8.2CVSS6.6AI score0.00344EPSS
cve
cve
added 2025/02/20 3:42 a.m.50 views

CVE-2024-43196

Summary (CVE-2024-43196) : IBM OpenPages with Watson 8.3 and 9.0 contains a vulnerability where an authenticated user can manipulate data in the Questionnaires application, enabling spoofing of other users’ responses. The CVSS base score is 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:...

4.3CVSS4.5AI score0.00219EPSS
cve
cve
added 2025/02/20 3:49 a.m.50 views

CVE-2024-49780

CVE-2024-49780 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability arises from path traversal in the Import Configuration file-name parameter, allowing a privileged attacker to write files outside the intended directory and potentially overwrite arbitrary files. IBM’s Security Bullet...

6.5CVSS5.6AI score0.00525EPSS
cve
cve
added 2025/07/08 6:35 p.m.27 views

CVE-2024-49784

IBM OpenPages with Watson (versions 8.3 and 9.0) contains a cryptographic weakness in the storage of encrypted data using AES-CBC, which could allow an attacker with database or server-file access to extract encrypted values and potentially apply further cryptographic methods to recover plaintext...

6.5CVSS6.3AI score0.00112EPSS
cve
cve
added 2025/07/08 6:43 p.m.27 views

CVE-2025-27369

IBM OpenPages with Watson 8.3–9.0 is vulnerable to information disclosure via weaker-than-expected security on certain REST administration endpoints. An authenticated user can view system configuration and internal state intended for administrators. CVSSv3.1 base score 4.3 (Network, Low attack co...

4.3CVSS5.7AI score0.00216EPSS
cve
cve
added 2025/07/08 6:36 p.m.26 views

CVE-2024-49783

IBM OpenPages with Watson 8.3 and 9.0 are affected by CVE-2024-49783, which describes weaker-than-expected encryption data storage. An authenticated remote attacker with database access or a local attacker with server-file access could extract encrypted data and potentially apply additional crypt...

6.5CVSS6.2AI score0.00265EPSS
cve
cve
added 2025/07/08 6:25 p.m.25 views

CVE-2023-43039

IBM OpenPages with Watson 9.0 is reported vulnerable to cross‑site scripting in the Web UI, enabling embedding of arbitrary JavaScript and potentially exposing credentials within a trusted session. CVSSv3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Red Hat and PT Security entries reit...

6.1CVSS6AI score0.00183EPSS
cve
cve
added 2025/07/08 6:42 p.m.25 views

CVE-2025-27367

CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....

6.5CVSS6.2AI score0.00221EPSS
cve
cve
added 2025/07/09 2:33 p.m.24 views

CVE-2025-1112

CVE-2025-1112 affects IBM OpenPages with Watson 8.3 and 9.0. An authenticated user could access sensitive information that should be restricted to privileged users due to improper ownership/ access controls. The IBM Security Bulletin documents CVSS 3.1 base score 4.3 (Network, Low attack complexi...

4.3CVSS6AI score0.00194EPSS