CVE-2025-1112
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-27369
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated use…
CVE-2025-27367
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially cra…
CVE-2024-49784
IBM OpenPages with Watson 8.3 and 9.0
could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with acce…
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0
could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extrac…
CVE-2023-43039
IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit…
CVE-2024-49781
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memor…
CVE-2024-49779
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie p…
CVE-2024-49344
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker c…
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0
could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email…
CVE-2024-49780
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot…
CVE-2024-49355
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.
CVE-2024-43196
IBM OpenPages with Watson 8.3 and 9.0
application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
CVE-2024-37527
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr…
CVE-2024-43176
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.