CVE-2025-27368

CWE-497 | 3 documents | 3 sources
Severity: 4.3 MEDIUM
EPSS: 0.0% (top 92.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Nov 12

Description

IBM OpenPages 9.0 and 9.1 are vulnerable to disclosure of sensitive information due to weaker than expected security for certain REST endpoints used by the OpenPages user interface. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | ibm/openpages | 9.0, 9.1 +1
NVD | ibm/openpages | 9.0.0, 9.1.0 +1

🔴 Vulnerability Details (2)

CVEList: IBM OpenPages Information Disclosure (2025-11-12)
GHSA: GHSA-jgg9-j8gm-7w7m: IBM OpenPages 9 (2025-11-12)