Openpages With Watson

openpages_with_watson

Vendor: Ibm • 22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-1112 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-27369 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 8, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages....Show more IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.Show less
CVE-2025-27367 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user s...Show more IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.Show less
CVE-2024-49784 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a loca...Show more IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.Show less
CVE-2024-49783 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to serve...Show more IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.Show less
CVE-2023-43039 1Ibm 1Openpages With Watson Jul 14, 2025 Jul 8, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden...Show more IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessionShow less
CVE-2024-49781 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informat...Show more IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.Show less
CVE-2024-49779 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and...Show more IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.Show less
CVE-2024-49344 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after...Show more IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.Show less
CVE-2024-49337 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote auth...Show more IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.Show less
CVE-2024-49782 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disc...Show more IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.Show less
CVE-2024-49780 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http req...Show more IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.Show less
CVE-2024-49355 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.
CVE-2024-43196 1Ibm 1Openpages With Watson Mar 11, 2025 Feb 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
CVE-2024-37527 1Ibm 1Openpages With Watson Mar 11, 2025 Jan 27, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten...Show more IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2024-43176 1Ibm 1Openpages With Watson Sep 29, 2025 Jan 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.
CVE-2024-35117 1Ibm 1Openpages With Watson Mar 10, 2025 Dec 11, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVE-2024-27257 1Ibm 2Openpages Grc Platform Openpages With Watson Sep 16, 2024 Sep 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
CVE-2024-35151 1Ibm 2Openpages Grc Platform Openpages With Watson Aug 23, 2024 Aug 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVE-2023-40683 1Ibm 1Openpages With Watson Nov 21, 2024 Jan 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacke...Show more IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.Show less

12 Next