CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2025-2670 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2025-2670
09 Jul 2025 — IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. • https://www.ibm.com/support/pages/node/7239153 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27369 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2025-27369
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system. • https://www.ibm.com/support/pages/node/7239155 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49784 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-49784
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data. • https://www.ibm.com/support/pages/node/7239145 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43039 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2023-43039
08 Jul 2025 — IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session • https://www.ibm.com/support/pages/node/7238923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49337 – IBM OpenPages HTML injection
https://notcve.org/view.php?id=CVE-2024-49337
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity... • https://www.ibm.com/support/pages/node/7183541 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49344 – IBM OpenPages session fixation
https://notcve.org/view.php?id=CVE-2024-49344
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. • https://www.ibm.com/support/pages/node/7183541 • CWE-384: Session Fixation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49779 – IBM OpenPages cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-49779
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. • https://www.ibm.com/support/pages/node/7183541 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49781 – IBM OpenPages XML external entity injection
https://notcve.org/view.php?id=CVE-2024-49781
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7183541 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49780 – IBM OpenPages path traversal
https://notcve.org/view.php?id=CVE-2024-49780
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacke... • https://www.ibm.com/support/pages/node/7183541 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49782 – IBM OpenPages improper certificate validation
https://notcve.org/view.php?id=CVE-2024-49782
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. • https://www.ibm.com/support/pages/node/7183541 • CWE-297: Improper Validation of Certificate with Host Mismatch •