
CVE-2025-2670 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2025-2670
09 Jul 2025 — IBM OpenPages 9.0 is vulnerable to disclosure of sensitive information due to weaker than expected security for certain REST endpoints related to the workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow-related configuration and internal state. • https://www.ibm.com/support/pages/node/7239153 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2023-43039 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2023-43039
08 Jul 2025 — IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7238923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43176 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-43176
09 Jan 2025 — IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7174640 • CWE-276: Incorrect Default Permissions • CWE-282: Improper Ownership Management

CVE-2024-35117 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-35117
11 Dec 2024 — IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. • https://www.ibm.com/support/pages/node/7165392 • CWE-312: Cleartext Storage of Sensitive Information

CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 • CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization

CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 • CWE-257: Storing Passwords in a Recoverable Format