Ibm Openpages With Watson vulnerabilities

CVE-2025-1112 [MEDIUM] CWE-282 CVE-2025-1112: IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive informat IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

CVE-2023-43039 [MEDIUM] CWE-79 CVE-2023-43039: IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

CVE-2025-27369 [MEDIUM] CWE-497 CVE-2025-27369: IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive i IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for admi

CVE-2025-27367 [MEDIUM] CWE-602 CVE-2025-27367: IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypass IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.

CVE-2024-49783 [MEDIUM] CWE-329 CVE-2024-49783: IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly ex

CVE-2024-49784 [MEDIUM] CWE-327 CVE-2024-49784: IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of en IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use addit

CVE-2024-49782 [MEDIUM] CWE-297 CVE-2024-49782: IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server identit IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

CVE-2024-49779 [MEDIUM] CWE-352 CVE-2024-49779: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass securi IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass securi

CVE-2024-49781 [HIGH] CWE-611 CVE-2024-49781: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injectio IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVE-2024-49344 [MEDIUM] CWE-384 CVE-2024-49344: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled t IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

CVE-2024-49355 [MEDIUM] CWE-117 CVE-2024-49355: IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

CVE-2024-43196 [MEDIUM] CWE-296 CVE-2024-43196: IBM OpenPages with Watson 8.3 and 9.0  application could allow an authenticated user to manipulate IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.

CVE-2024-49337 [MEDIUM] CWE-80 CVE-2024-49337: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an emai

CVE-2024-49780 [MEDIUM] CWE-22 CVE-2024-49780: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse direct IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locat

CVE-2024-37527 [MEDIUM] CWE-79 CVE-2024-37527: IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allo IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2024-43176 [MEDIUM] CWE-282 CVE-2024-43176: IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configur IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

CVE-2024-35117 [MEDIUM] CWE-312 CVE-2024-35117: IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in cle IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

CVE-2024-27257 [MEDIUM] CWE-540 CVE-2024-27257: IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

CVE-2024-35151 [MEDIUM] CWE-288 CVE-2024-35151: IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive informatio IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

CVE-2023-40683 [HIGH] CWE-285 CVE-2023-40683: IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, c IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: