CVE-2024-35151

CWE-288 CWE-306 — Missing Authentication3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 67.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Openpages With Watson IBM Openpages GRC Platform

Timeline

PublishedAug 22

Description

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/openpages_with_watson8.3, 9.0

▶NVDibm/openpages_with_watson9.0

▶NVDibm/openpages_grc_platform8.3

🔴Vulnerability Details

GHSA

GHSA-7c8c-x5xp-8wgj: IBM OpenPages with Watson 8↗2024-08-22

▶

CVEList

IBM OpenPages information disclosure↗2024-08-22

▶