VYPR

OpenPages with Watson

by IBM

CVEs (20)

  • CVE-2023-40683HigJan 19, 2024
    risk 0.57cvss 8.8epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and…

  • CVE-2021-29907HigAug 31, 2021
    risk 0.57cvss 8.8epss 0.01

    IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

  • CVE-2024-49781HigFeb 20, 2025
    risk 0.46cvss 7.1epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2024-49782MedFeb 20, 2025
    risk 0.44cvss 6.8epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages…

  • CVE-2023-38738MedJan 19, 2024
    risk 0.44cvss 6.8epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted…

  • CVE-2024-35151MedAug 22, 2024
    risk 0.42cvss 6.5epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

  • CVE-2023-43039MedJul 8, 2025
    risk 0.40cvss 6.1epss 0.00

    IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

  • CVE-2024-49337MedFeb 20, 2025
    risk 0.35cvss 5.4epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using…

  • CVE-2024-37527MedJan 27, 2025
    risk 0.35cvss 5.4epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2025-27367MedJul 8, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for…

  • CVE-2024-49784MedJul 8, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the…

  • CVE-2024-49783MedJul 8, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could…

  • CVE-2024-49780MedFeb 20, 2025
    risk 0.34cvss 5.3epss 0.01

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file…

  • CVE-2024-49355MedFeb 20, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

  • CVE-2024-35117MedDec 11, 2024
    risk 0.29cvss 4.4epss 0.00

    IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

  • CVE-2025-1112MedJul 9, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

  • CVE-2025-27369MedJul 8, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information…

  • CVE-2024-49779MedFeb 20, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another…

  • CVE-2024-49344MedFeb 20, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

  • CVE-2024-43196MedFeb 20, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM OpenPages with Watson 8.3 and 9.0  application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.