Note: This project will be discontinued after December 13, 2021.
Product: Openpages_with_watson (Ibm)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-01-09 | CVE-2024-43176 | IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | Openpages_with_watson | 5.4 | ||
2024-12-11 | CVE-2024-35117 | IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. | Openpages_with_watson | 4.4 | ||
2025-01-27 | CVE-2024-37527 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Openpages_with_watson | 5.4 | ||
2025-02-20 | CVE-2024-43196 | IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | Openpages_with_watson | 4.3 | ||
2025-02-20 | CVE-2024-49355 | IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when tracing is enabled per the System Tracing feature. | Openpages_with_watson | 6.5 | ||
2025-02-20 | CVE-2024-49780 | IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted HTTP request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. | Openpages_with_watson | 6.5 | ||
2025-02-20 | CVE-2024-49782 | IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. | Openpages_with_watson | 8.2 | ||
2025-02-20 | CVE-2024-49337 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this... | Openpages_with_watson | 5.4 | ||
2025-02-20 | CVE-2024-49344 | In IBM OpenPages with Watson 8.3 and 9.0 with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | Openpages_with_watson | 4.3 | ||
2025-02-20 | CVE-2024-49781 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | Openpages_with_watson | 7.1 | ||