
CVE-2024-49780 – IBM OpenPages path traversal
https://notcve.org/view.php?id=CVE-2024-49780
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted HTTP request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. • https://www.ibm.com/support/pages/node/7183541 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-49782 – IBM OpenPages improper certificate validation
https://notcve.org/view.php?id=CVE-2024-49782
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. • https://www.ibm.com/support/pages/node/7183541 • CWE-297: Improper Validation of Certificate with Host Mismatch •

CVE-2024-43196 – IBM OpenPages data manipulation
https://notcve.org/view.php?id=CVE-2024-43196
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. • https://www.ibm.com/support/pages/node/7183541 • CWE-296: Improper Following of a Certificate's Chain of Trust •

CVE-2024-49355 – IBM OpenPages log manipulation
https://notcve.org/view.php?id=CVE-2024-49355
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. • https://www.ibm.com/support/pages/node/7183541 • CWE-117: Improper Output Neutralization for Logs •

CVE-2024-37527 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37527
27 Jan 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-43176 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-43176
09 Jan 2025 — IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7174640 • CWE-276: Incorrect Default Permissions • CWE-282: Improper Ownership Management •

CVE-2024-35117 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-35117
11 Dec 2024 — IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. • https://www.ibm.com/support/pages/node/7165392 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2024-27257 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-27257
10 Sep 2024 — IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283966 • CWE-540: Inclusion of Sensitive Information in Source Code •

CVE-2024-35151 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-35151
22 Aug 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. • https://www.ibm.com/support/pages/node/7165959 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 • CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization •