VYPR

OpenPages

by IBM

CVEs (11)

  • CVE-2024-49781 | High | Feb 20, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2024-49337 | Medium | Feb 20, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using…

  • CVE-2024-43176 | Medium | Jan 9, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

  • CVE-2025-2670 | Medium | Jul 9, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM OpenPages 9.0 is vulnerable to disclosure of sensitive information due to weaker than expected security for certain REST endpoints related to the workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related…

  • CVE-2024-49779 | Medium | Feb 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another…

  • CVE-2024-27257 | Medium | Sep 10, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

  • CVE-2025-36223 | Nov 12, 2025
    risk 0.00 | cvss | epss 0.00

    IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session…

  • CVE-2025-27368 | Nov 12, 2025
    risk 0.00 | cvss | epss 0.00

    IBM OpenPages 9.0 and 9.1 is vulnerable to disclosure of sensitive information due to weaker than expected security for certain REST endpoints used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system…

  • CVE-2025-33110 | Nov 6, 2025
    risk 0.00 | cvss | epss 0.00

    IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

  • CVE-2025-36121 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

  • CVE-2025-36082 | Sep 15, 2025
    risk 0.00 | cvss | epss 0.00

    IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.