CVE-2025-27367

CWE-602CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 86.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Openpages With Watson
Timeline
PublishedJul 8

Description

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDibm/openpages_with_watson8.38.3.0.3.2+1
CVEListV5ibm/openpages_with_watson8.3, 9.0+1

Patches

Patch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM OpenPages with Watson improper input validation2025-07-08
GHSA
GHSA-w27x-3v9h-qf78: IBM OpenPages with Watson 82025-07-08

📋Vendor Advisories

1
Microsoft
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.2021-02-09
CVE-2025-27367 (MEDIUM CVSS 6.5) | IBM OpenPages with Watson 8.3 and 9 | cvebase.io