22 matches found
CVE-2024-35151
CVE-2024-35151 concerns IBM OpenPages with Watson 8.3 and 9.0, where authenticated users could access sensitive information due to improper authorization controls on APIs. The Red Hat/CNVD/NVD records align on the affected products/versions (IBM OpenPages with Watson 8.3; IBM OpenPages 9.0) and t...
CVE-2023-40683
IBM OpenPages with Watson versions 8.3 and 9.0 are affected by CVE-2023-40683. The issue arises from insufficient authorization checks in API requests, enabling an attacker authenticated as an OpenPages user to bypass security and gain unauthorized administrative access. The documented remediatio...
CVE-2024-27257
IBM OpenPages is affected (versions 8.3 and 9.0). The issue is exposure of information about client-side source code via JavaScript source maps, enabling disclosure to unauthorized users. Root cause details indicate that source maps are not required for functionality and should be disabled or fix...
CVE-2024-43176
CVE-2024-43176 affects IBM OpenPages 9.0. The issue arises from improper authorization checks on APIs, allowing an authenticated user to obtain sensitive information (configurations) that should be privileged. The IBM security bulletin confirms the affected version and provides remediation: apply...
CVE-2024-35117
IBM OpenPages with Watson 9.0 is affected by CVE-2024-35117: under certain configurations, sensitive information can be written in clear text to system tracing log files, potentially accessible by privileged users. The IBM Security Bulletin and Red Hat/CVEs corroborate an information-disclosure r...
CVE-2024-49337
CVE-2024-49337 affects IBM OpenPages with Watson 8.3 and OpenPages 9.0. The vulnerability arises from improper validation of user-supplied input in text fields used to construct workflow email notifications, enabling a remote authenticated attacker to inject HTML/script into an email, which would...
CVE-2023-38738
CVE-2023-38738 affects IBM OpenPages with Watson versions 8.3 and 9.0, where Native authentication may yield weaker password security. Attacker with OpenPages DB access could potentially access other OpenPages accounts due to this weakness. IBM remediation is to switch password storage from symme...
CVE-2024-49781
IBM OpenPages with Watson versions 8.3 and 9.0 are affected by an XXE vulnerability in XML data processing (CVE-2024-49781). The issue enables potential exposure of sensitive data or memory consumption due to external entity processing. Current sources identify a high-severity impact (CVSS v3.1 b...
CVE-2024-37527
IBM OpenPages with Watson 8.3 and 9.0 are affected by a cross-site scripting vulnerability in the Web UI. An authenticated user can embed arbitrary JavaScript, potentially altering functionality and disclosing credentials in a trusted session. Affected products/versions: IBM OpenPages with Watson...
CVE-2024-49355
CVE-2024-49355 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability stems from the System Tracing feature writing improperly neutralized data to server log files when tracing is enabled, exposing potential sensitive information in logs. IBM's bulletin confirms the issue (CWE-117) with...
CVE-2024-49779
CVE-2024-49779 affects IBM OpenPages with Watson 8.3 and 9.0. It is a cross-site request forgery vulnerability caused by improper validation/management of authentication cookies, where an attacker could modify CSRF token and Session Id cookie parameters using another user’s cookies to bypass secu...
CVE-2021-29907
IBM OpenPages with Watson versions 8.1–8.2 are affected by CVE-2021-29907, where an authenticated user can upload a file that leads to arbitrary code execution. Root cause is tied to the upload functionality permitting code execution. Remediation provided by IBM fixes: 8.2 Fix Pack 2 (8.2.0.2) or...
CVE-2024-49344
IBM OpenPages with Watson (versions 8.3 and 9.0) is affected by CVE-2024-49344 where a chat session remains active after user logout, enabling a session fixation issue. Affected component: OpenPages with Watson Assistant chat feature; root cause: chat session not terminated on logout. Impact: lim...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...
CVE-2024-43196
Summary (CVE-2024-43196) : IBM OpenPages with Watson 8.3 and 9.0 contains a vulnerability where an authenticated user can manipulate data in the Questionnaires application, enabling spoofing of other users’ responses. The CVSS base score is 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:...
CVE-2024-49780
CVE-2024-49780 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability arises from path traversal in the Import Configuration file-name parameter, allowing a privileged attacker to write files outside the intended directory and potentially overwrite arbitrary files. IBM’s Security Bullet...
CVE-2024-49784
IBM OpenPages with Watson (versions 8.3 and 9.0) contains a cryptographic weakness in the storage of encrypted data using AES-CBC, which could allow an attacker with database or server-file access to extract encrypted values and potentially apply further cryptographic methods to recover plaintext...
CVE-2025-27369
IBM OpenPages with Watson 8.3–9.0 is vulnerable to information disclosure via weaker-than-expected security on certain REST administration endpoints. An authenticated user can view system configuration and internal state intended for administrators. CVSSv3.1 base score 4.3 (Network, Low attack co...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 are affected by CVE-2024-49783, which describes weaker-than-expected encryption data storage. An authenticated remote attacker with database access or a local attacker with server-file access could extract encrypted data and potentially apply additional crypt...
CVE-2023-43039
IBM OpenPages with Watson 9.0 is reported vulnerable to cross‑site scripting in the Web UI, enabling embedding of arbitrary JavaScript and potentially exposing credentials within a trusted session. CVSSv3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Red Hat and PT Security entries reit...
CVE-2025-27367
CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....
CVE-2025-1112
CVE-2025-1112 affects IBM OpenPages with Watson 8.3 and 9.0. An authenticated user could access sensitive information that should be restricted to privileged users due to improper ownership/ access controls. The IBM Security Bulletin documents CVSS 3.1 base score 4.3 (Network, Low attack complexi...