Ibm: >> Openpages With Watson >> 9.0 Security Vulnerabilities
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0
could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.
CVSS Score
6.8
EPSS Score
0.002
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0
application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-01-27
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-01-09
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-12-11
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-09-10
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-22
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-01-19