Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openpages_with_watson
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-02-20 | CVE-2024-49779 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. | Openpages_with_watson | 8.8 | ||
| 2021-08-31 | CVE-2021-29907 | IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. | Openpages_with_watson | 8.8 | ||
| 2024-01-19 | CVE-2023-38738 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | Openpages_with_watson | 8.1 | ||
| 2024-01-19 | CVE-2023-40683 | IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | Openpages_with_watson | 8.8 | ||
| 2024-09-10 | CVE-2024-27257 | IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | Openpages_grc_platform, Openpages_with_watson | 4.3 | ||
| 2024-08-22 | CVE-2024-35151 | IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | Openpages_grc_platform, Openpages_with_watson | 6.5 |