Openpages With Watson Security Vulnerabilities and Issues — Openpages With Watson CVE List

Lucene search

IbmOpenpages With Watson

8 matches found

CVE•added 2025/02/20 12:15 p.m.•43 views

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field o...

5.4CVSS5.3AI score0.00028EPSS

CVE•added 2025/02/20 4:15 a.m.•42 views

CVE-2024-49355

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

6.5CVSS5.3AI score0.00029EPSS

CVE•added 2025/02/20 12:15 p.m.•41 views

CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

4.3CVSS4.6AI score0.00029EPSS

CVE•added 2025/02/20 12:15 p.m.•41 views

CVE-2024-49779

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacke...

8.8CVSS5AI score0.00078EPSS

CVE•added 2025/02/20 12:15 p.m.•41 views

CVE-2024-49781

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

7.1CVSS6.9AI score0.00155EPSS

CVE•added 2025/02/20 4:15 a.m.•37 views

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification de...

8.2CVSS6.6AI score0.00075EPSS

CVE•added 2025/02/20 4:15 a.m.•36 views

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in I...

6.5CVSS5.6AI score0.00053EPSS

CVE•added 2025/02/20 4:15 a.m.•35 views

CVE-2024-43196

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.

4.3CVSS4.5AI score0.00035EPSS